The National Archives

3y ago
27 Views
3 Downloads
199.63 KB
18 Pages
Last View : 1d ago
Last Download : 2m ago
Upload by : Esmeralda Toy
Transcription

Business requirements formanaging digital informationand records Crown copyright 2013You may re-use this information (excluding logos) free of charge in any format or medium, underthe terms of the Open Government Licence. To view this licence, icence or email psi@nationalarchives.gsi.gov.uk.Where we have identified any third-party copyright information, you will need to obtain permissionfrom the copyright holders concerned.This publication is available for download at nationalarchives.gov.uk.

Business requirements for managing digital information and recordsContentsIntroduction . 3The benefits of managing information . 41. User focus . 52. Governance, ownership and accountability . 63. Proportionate use of resources . 74. Applications perform consistently . 85. Digital continuity . 96. Disposal . 107. Transfer . 118. Audit and compliance . 12Annex A:Mapping of business requirements to key information legislation compliancerequirements . 13Last updated November 2013Page 2 of 18

Business requirements for managing digital information and recordsIntroductionThis guidance describes eight common outcomes that if delivered will ensure the value of digitalinformation, and the benefits of managing it, are realised. Business requirements describe at thehighest level what the business should achieve and why. The ways in which they are metthrough applications and process - the how - are detailed within functional or operationalspecifications. The business requirements are:1. user focus.2. governance, ownership and accountability3. proportionate use of resources4. applications perform consistently5. digital continuity6. disposal7. transfer8. audit and complianceIndividual organisations may have additional requirements which are out of the scope of thisguidance.The National Archives has worked with a number of government departments to develop thiscommon set of outcomes. They support the realisation of the benefits of managing digitalinformation (and records) without adding complex sets of rules or applications that users do notneed or cannot apply within their individual context. They support the need for ensuringgovernance, compliance and standards within an organisation’s strategy to build its digitalinformation management capability. They are flexible and user-focused, promoting thedepartment's management of risk and the understanding and utilisation of existing tools.The requirements align with the second of the Information principles: ‘information must bemanaged’, and are themselves further supported by the Section 46 Code of practice and otherguidance provided by The National Archives.Last updated November 2013Page 3 of 18

Business requirements for managing digital information and recordsThe benefits of managing informationThe successful management of information is an enabler for:the efficient and effective delivery of services to government and to the citizenthe exploitation, sharing, use and re-use of an organisation’s information assetsthe potential rationalisation of an organisation’s technology infrastructurethe efficient and effective use of the technology infrastructuretransparency, accountability, citizen participation and legislative compliancethe mitigation of the risk of loss of information within line of business systems andapplicationsAchieving these outcomes requires a balance between enabling the users’ need for informationavailability (the business need) and the performance of the available systems and applicationswhich may not always match exactly. Therefore any successful information managementstrategy requires:a strategic vision that covers the needs for current, future and legacy informationtime and resources to support:o raining and implementationo technology, process and business analysiso ongoing management activityLast updated November 2013Page 4 of 18

Business requirements for managing digital information and records1. User focusPolicies, processes and supporting technology must be user focused to eliminate barriersto use.Adopting any application or development of an information management policy or processthat presents barriers between users and the way they need to access information creates arisk that alternative ways of working will be sought. This can lead to:o wasted costs of procurement and implementationo individual information repositories outside of a central corporate control or governanceo information not being properly understood because it cannot be related to informationwithin separate repositorieso an inability to comply with information legislation and / or unable to meet officialscrutinyo short term ‘quick-fixes’ being implemented that don’t resolve long term issueso an inability to deliver services or reduction in the quality of services deliveredo information being used or released that is misleading or incorrect leading to furthermisinformation, financial or reputational damageo users’ time and resources wasted with potential cost implicationsConflicting requirements may exist between different user groups:o internal (staff needs)o internal (business needs)o external organisations and their staff (other departments and government officials,wider public sector organisations and private sector organisations)o citizens (through services, transparency requests or citizen participation)othere are also current and future needs across all user groupsLast updated November 2013Page 5 of 18

Business requirements for managing digital information and records2. Governance, ownership and accountabilityInformation assets, the technology that supports them, and the business requirements,policies, and processes that govern them, must have defined and accountable owners.If information assets are not owned and understood their value cannot be effectively released.Ownership of information should include:o defined ownership with appropriate oversight and accountability for the informationassets’ managemento an accessible governance framework for asset owners that defines the relevantlegislation, policy, standards and good practice to ensure effective management of theasseto the collaboration and co-ordination of a multi-disciplinary team to oversee theownership of information assets that includes:o information managerso ICT managerso information assurance and securityo business change teamso business owners, and potentially legal, audit and communications teams indelivering each requirementEqually all users need to understand they are accountable for their own actions. They shouldbe aware of the legislative requirements they need to fulfil and their responsibilities inensuring the business requirements are met.Last updated November 2013Page 6 of 18

Business requirements for managing digital information and records3. Proportionate use of resourcesThe time, resource and effort expended on managing information must be proportionateto its value.Managing information requires an investment of time, money and people to createappropriate policies and processes and implement suitable systems, security and storage.Information value will differ between users and the business. To avoid disproportionatemanagement of ephemeral information identify the value of information assets and record itin an information asset registerThe value of an information asset can be said to equate to:o the content of the asset, especially if sensitive in any wayo the effort required to keep the asset available, complete and usableo the length of time, including any legal requirement, an asset needs to be held by thebusinesso the consequences of the asset not being available or being accessed inappropriatelyWhere actions and activities are not commensurate with the value of information, theorganisation can be exposed to unnecessary cost and create additional burdens on users andthe IT infrastructureThe value of information may change over time, especially aspects of sensitivity. To avoid ongoing over-management, periodically review and re-value assessts accordinglyPlacing information value at the heart of the decision making process establishes aframework for good governance, risk management and efficient decision making led bybusiness needMaking value-led decisions enables pragmatic approaches to information security andappropriate use of applications and storage for information assets. It also supports costsavings by identifying information assets and technology no longer requiredThe business value of information may not be commensurate with the cost of maintaining itLast updated November 2013Page 7 of 18

Business requirements for managing digital information and records4. Applications perform consistentlyApplications used to store and manage information assets should operate in a predictableand consistent way.Information management applications should operate predictably to ensure users understandhow information assets can be accessed, used and managed. Applications should ensure twokey attributes are properly maintainedo the information asset is maintained in a common format that all relevant users canaccess easily with the available softwareo key information management activities are performed in a reliable and predictable wayThe application should perform these tasks consistently to support:o increased efficiencies across an organisation through a common understanding of theoutputs of each system or application (for example all disposal criteria across eachsystem and application use the same metadata schema)o improved information flows within and outside of the departmento improved compatibility and interoperability across the IT infrastructureo the unified management of different types of asset within across applicationsConsistency is equally supported by the use of:o common standards; especially important when these are shared by multipleorganisations hoping to share or re-use the asseto a common approach to risk mitigation, especially to managing loss of informationwithin the applicationLast updated November 2013Page 8 of 18

Business requirements for managing digital information and records5. Digital continuityThe value of information can only be fully realised if each asset has the attributes ofavailability, completeness and usability (collectively referred to as digital continuity).Information is:o available when it can be found in a timely manner and opened in a readable formo complete when it has context and an assured qualityo usable when it can be manipulated as required with the user’s available technologyThe absence of any one of these three attributes can render the information either effectivelylost within the system or not fit for purpose meaning:o tasks cannot be carried out and services cannot be deliveredo information is unavailable for sharing, re-use, publication, transfer or to meet calls forscrutinyUnderstanding the requirements for managing completeness, availability and usabilityenables a department to:o deliver appropriate, cost-effective technology in support of its information assetso assess risks to the long term suitability of its technology environment to manage criticalinformation assetso make decisions about the release of information for exploitation, re-use or to fulfilobligations for transparencyo highlight user requirements that the department is not aware of or not planning for andtherefore unable to meeto understanding and manage technology compatibility issues between the departmentand external recipientsLast updated November 2013Page 9 of 18

Business requirements for managing digital information and records6. DisposalInformation must be disposed of when no longer required by the business in line withlegislative requirements.There are legislative requirements for (some) information to be disposed of after a certainlength of time (Public Records Act, Data Protection Act)Information held for longer than required carries unnecessary risk and cost:o excessive costs in terms of software licences, storage, IT support and back-upso excessive storage adding burden to servers, creating inefficiencieso increased search times owing to volume of information, potentially causing complianceissues with information legislationIf information is held and it should have been disposed of to meet legislative requirements,the department may be found to be non-compliant or negligent. In these circumstances thedepartment may face:o action from a regulatory body (for example, the Information Commissioner’s Office) orofficial scrutiny (such as a Parliamentary Accounts Committee)Where the department is found to be non-compliant or negligent it can incur further actions orpenalties, particularly in relation to loss or misuse of personal dataLast updated November 2013Page 10 of 18

Business requirements for managing digital information and records7. TransferApplications used to store and manage information assets must enable the transfer of thecontent, context, value and ownership must be transferable.Applications should support the transfer of information assets between:o internal systems - version upgrades or migration to new platformso external organisations -either for collaboration or where ownership of the asset istransferredo other organisations or platforms - to facilitate the release or publishing of thatinformationThis should include transfer of the descriptive, structural and management metadata toprovide the context and value of the asset to the receiving organisation. Where this is nottransferred:o the context of the asset may not be able to be fully understoodo the asset may be rendered unavailable, incomplete or unusableo the recipient cannot ascribe an appropriate value to the asset relative to its owninformation assets and any others transferredIf holding information on behalf of another organisation for any length of time it is equallyimportant to retain this contextual understanding until it is returned to the original owner.Last updated November 2013Page 11 of 18

Business requirements for managing digital information and records8. Audit and complianceInformation assets are evidence of a department’s actions, decisions and processes andmay be subject to requests for access or to official scrutiny.Applications used to store and manage information must be able to provide reports on oraudit trails of all activity associated with assets stored within or managed by it. This is tosupport information as being maintained as evidence, without which the integrity of the assetcould be called into questionWhere a department does not have visibility of the actions assets have been subject to thereare significant risks that:o departments cannot track whether information has been released either under aFreedom of Information or Data Protection request or for transparency or reuseo departments cannot state categorically whether they hold an information asset,whether it has been disposed of whether it may have been disposed of or transferredto another organisationo information assets will be inappropriately accessed, deleted or sharedo the true value of the information in relation to a user’s need to access it cannot bedeterminedLast updated November 2013Page 12 of 18

Annex A: Mapping of business requirements to key information legislation compliancerequirementsLegislation andrelated codes ofpracticePublic Records ActRefs3(1)1958RequirementTo make arrangements for the selection of thoseRelevantbusinessrequirement1, 2, 4, 5, 8Related Codes ofpracticeS46 Code of practicepublic records which ought to be permanentlyGood records managementpreserved and for their safe-keepingpractice recommendationss3(4)Public records selected for permanent preservationunder this section shall be transferred not laterthan 20 years after their creation either to TheNational Archives or to such other place of depositappointed by the Lord Chancellor under this Act (tobe amended to 20 under Constitutional Reform andGovernance Act s 45 (1) (a))s3(4)Records may be retained after the said period, if inthe opinion of the person who is responsible forthem5, 7, 4, 8

Business requirements for managing digital information and recordss3(6)Public records not required for permanent6, 4, 8preservation should be destroyed (after 20 years)Records transferred closed to The National7,8Archives must be done so against an agreedexemption under the Freedom of Information Act2000Data Protection ActSchedule 1,Personal data shall be processed fairly and2, 4, 81998Part 1lawfully and, in particular, shall not be processedGood records managementunless authorised/required by or under anypractice recommendationsenactment, convention or instrument imposing aninternational obligation on the United KingdomSchedule 1,Personal data shall be obtained only for one orPart 1more specified and lawful purposes, and shall not2, 8be further processed in any manner incompatiblewith that purpose or those purposesSchedule 1,Personal data shall be adequate, relevant and notPart 1excessive in relation to the purpose or purposes for2, 8which they are processedLast updated November 2013S46 Code of practicePage 14 of 18

Business requirements for managing digital information and recordsSchedule 1,Personal data shall be accurate and, where4, 8Part 1necessary, kept up to dateSchedule 1,Personal data processed for any purpose orPart 1purposes shall not be kept for longer than is6, 8necessary for that purpose or those purposesSchedule 1,Personal data shall be processed in accordancePart 1with the rights of data subjects under this ActSchedule 1,Appropriate technical and organisational measuresPart 1shall be taken against unauthorised or unlawful2, 82, 4, 5, 8processing of personal data and againstaccidental loss or destruction of, or damage to,personal dataSchedule 1,Personal data shall not be transferred to a country 2, 8Part 1or territory outside the European Economic Areaunless that country or territory ensures anadequate level of protection for the rights andfreedoms of data subjects in relation to theprocessing of personal dataLast updated November 2013Page 15 of 18

Business requirements for managing digital information and recordsFreedom of Information s19Publish certain information proactively1, 2, 4, 5, 7, 8S45 Code of practiceRespond to requests for information. To know what1, 2, 4, 5, 7, 8Recommendations forAct 2000s1public authorities aboutyou hold and to be able to provide access to ittheir handling of requestsS46 Code of practiceGood records managementpractice recommendationsEnvironmentalPart 2,Make environmental information availableInformationregulation 4proactively, using easily accessible electronicdischarge of the obligationsmeans whenever possibleof public a

Author: Authorised User Created Date: 11/8/2013 12:05:59 PM

Related Documents:

May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)

Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .

On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.

̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions

Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have

Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được

Le genou de Lucy. Odile Jacob. 1999. Coppens Y. Pré-textes. L’homme préhistorique en morceaux. Eds Odile Jacob. 2011. Costentin J., Delaveau P. Café, thé, chocolat, les bons effets sur le cerveau et pour le corps. Editions Odile Jacob. 2010. Crawford M., Marsh D. The driving force : food in human evolution and the future.

Le genou de Lucy. Odile Jacob. 1999. Coppens Y. Pré-textes. L’homme préhistorique en morceaux. Eds Odile Jacob. 2011. Costentin J., Delaveau P. Café, thé, chocolat, les bons effets sur le cerveau et pour le corps. Editions Odile Jacob. 2010. 3 Crawford M., Marsh D. The driving force : food in human evolution and the future.