Competency H

Be conversant with current information technologies and best practices relating to records preservation and security

Interpretation

The MARA program emphasizes the core concept that records must be preserved and protected through a combination of technology, policy and process. Preservation efforts rely on the application of technology regardless of whether records are paper-based or born digital and irrespective of format (structured, unstructured, linked, static or time-based). Current technology tools may be applied to transform an object or record to a more stable and universal format, as in the digitization of paper or analog media. This transformation supports preservation by protecting the record from technological obsolescence and degradation of the storage media.

Technology also supports preservation efforts by enabling the documentation of the context and provenance of records via the creation and capture of technical, administrative and preservation metadata, without which the record or data may be useless. This metadata capture and creation occurs upon ingest of a submission information package into a preservation platform. Preservica and Archivematica are examples of OAIS-compliant platforms that help to ensure that this valuable contextual information is preserved through the creation of an archival information object. The archival information object aggregates an event history within the ongoing preservation management system. The archival information object also enables appropriate access by users through a separate dissemination information package.

The technology to enable preservation is just one piece of a trustworthy records repository. Best practices include the application of standards, i.e. ISO 16363:2012 and ISO 17068:2013 for digital records in particular. These standards instruct us to develop a stable organizational infrastructure and a policy-driven accountability framework around the creation, management and access of archival digital records. A great deal of the focus of current standards address non-technological aspects of records management, such as fiscal sustainability, staff qualifications, and performance measurement and improvement. In order to realize the goals of a trustworthy preservation program, planning, partnership and communication are essential.

Security is another recurring and overarching theme throughout the MARA program. Once again the latest technology hardware and software tools by themselves are necessary but not sufficient to achieve an acceptable degree of “hardness” to a records and information security program. An entire framework must be created that includes strategy, tools, policy, management processes, training and awareness. The following evidence demonstrates that I have become conversant with many of the necessary tools and conceptual frameworks.

Supporting Evidence 1

The first evidence of my mastery of this competency is a fictional case study of a records management clean-up at a highly successful media content production company. The challenge described is to gain intellectual control over both paper and electronic business records from the last 35 years and to plant the seeds of a centralized information governance program. The case study describes the key objectives for the first year of the program: ERM and rights management for Legal records, balancing the RIM program budget, creation of a data and information map and establishment of a vital records program. The case study provides a timeline and deliverables list for each objective and includes the development of a taxonomy that will be used to extend the program going forward.

Supporting Evidence 2

The next piece of evidence that demonstrates my mastery of this competency is a discussion post that summarizes the value and utility of the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) method. My analysis describes how the OCTAVE approach addresses “cyber risk and resilience management” within organizations of any size in any industry. OCTAVE seeks to bridge the gap that commonly exists in organizations between the IT departmental focus on infrastructure and the business objectives and strategy which are often tied to particular information assets. The OCTAVE approach is an internal tool that serves to engage stakeholders and users across multiple functional areas in creating a culture that is proactive toward information security.

Conclusion

Preservation and security of records in use, in storage and in transmission requires a combination of tools and active human intervention at all physical and conceptual levels. No two implementations of a trustworthy digital repository will look exactly alike. Likewise no single security strategy is equally appropriate for all businesses or agencies. The strategy of the records manager is to be conversant in the tools and processes of stakeholders so that together they may evaluate options based upon the organization’s goals, objectives and resources. Records professionals apply their expertise and also help others be responsible to the organizations that they serve in the protection and preservation of information assets, for today and for the future.