Standard Presentation Template


Information Governance, Part 1
The Information Processing Management Association (IPMA)
16 October 2007
Today’s Topic
Information Governance, Part 1:
Your organization’s legal,
regulatory, and business
obligations to capture and maintain
records that document official
business activities, transactions,
and decisions.
2
July 18, 2015
[Information Management]
Copyright © 2007 CA
Today’s Topic
Information Governance, Part 2:
Ways to enforce and to monitor the
implementation of your
organization’s records
management policies.
Information Governance
>Ensures appropriate controls for
accurate access and availability of
information at the right time and by the
right people to make critical business
decisions
>Facilitates the proactive reduction of
risk and increased preparedness for
discovery while lowering costs,
improving returns and promoting
business agility.
Recordkeeping Responsibilities
> A key component of Information Governance
> Who is responsible for records and
information management in your
organization?
Recordkeeping Responsibilities
> Head of government agencies?
> CEOs and Presidents?
> Records Managers?
> Every employee?
Recordkeeping Responsibilities - Corporate
> Organizations must follow recordkeeping
requirements for documenting their activities
> Federal, state and local government entities
have an interest in your organization’s
activities
> Accounting, sales, and taxes records are
needed to determine the amount of tax due
Recordkeeping Responsibilities - Corporate
> Employment and personnel records are also important to
government entities
  • Government has enacted laws to protect employees
  • Ensure payment of wages
  • Protect health and safety of employees
  • Eliminate discrimination
  • Protect privacy
Recordkeeping Responsibilities - Corporate
> Some government regulations are industry specific and
are designed to
  • Safeguard public health, FDA
  • Fraudulent business practices, SEC
  • Dangerous products, OSHA
  • Air and land pollution, EPA
  • Security exchanges, lending practices, SEC
  • Insurance, mail order transactions
  • Foreign trade, immigration
Recordkeeping Responsibilities - Corporate
> Doing business is regarded as a privilege rather
than as a right
> In order to transact business, the government
requires that organizations follow its rules
> Some of those rules pertain to recordkeeping
requirements
> Failure to follow those requirements may subject
you to fines, penalties, and other adverse
consequences, such as losing the privilege to
transact business
Sarbanes-Oxley Act of 2002
> Public Company Accounting Reform and Investor
Protection Act of 2002, commonly called SOX
> Enacted in response to a number of major corporate and
accounting scandals including those affecting
Enron, Tyco International, Peregrine Systems and
WorldCom
> Established new or enhanced standards for all U.S.
public company boards, management, and public
accounting firms
> Contains 11 titles, or sections, ranging from
additional Corporate Board responsibilities to
criminal penalties
Sarbanes-Oxley Act of 2002
> Title III mandates that senior executives take
individual responsibility for the accuracy and
completeness of corporate financial reports
> Describes specific forfeitures of benefits and civil
penalties for non-compliance.
> Section 802 of SOX addresses the destruction or
fabrication of evidence and the preservation of
"financial and audit records"
> States that records must be retained for seven
years
Sarbanes-Oxley Act of 2002
Whoever knowingly alters, destroys, mutilates,
conceals, covers up, falsifies, or makes a false
entry in any record, document, or tangible object
with the intent to impede, obstruct, or influence the
investigation or proper administration of any
matter within the jurisdiction of any department or
agency of the United States or any case filed under
title 11, or in relation to or contemplation of any
such matter or case, shall be fined under this title,
imprisoned not more than 20 years, or both
Health Insurance Portability and
Accountability Act
> HIPAA was enacted by the U.S. Congress in 1996
> Established national standards for electronic health
care transactions and national identifiers for
providers, health insurance plans, and employers
> Addresses the security and privacy of health data
> Title II of HIPAA defines numerous offenses
relating to health care and sets civil and criminal
penalties for them
Recordkeeping Requirements - Government
> Title 36, CFR, Parts 1220 through 1238 includes
regulations that affect the records management
program of Federal agencies
> E-Government Act of 2002 calls for increased use of
electronic records management systems to provide
improved citizen-centered government services,
especially web sites
> Title 18, U.S.C. § 2071 establishes criminal
penalties for the unlawful concealment, removal, or
destruction of Federal records
Washington State Government Agencies
> RCW 40.14.020
> All public records shall be and remain the property
of the state of Washington. They shall be delivered
by outgoing officials and employees to their
successors and shall be preserved, stored,
transferred, destroyed or disposed of, and
otherwise managed, only in accordance with the
provisions of this chapter.
Washington State Government Agencies
> RCW 40.14.040
> Each department or other agency of the state
government shall designate a records officer to
supervise its records program and to represent the
office in all contacts with the records committee,
hereinafter created, and the division of archives
and records management
> The records officer shall:
  • Coordinate all aspects of the records management
program.
  • Inventory, or manage the inventory, of all public
records for disposition scheduling and transfer
action
What Records Are Public?
> A public record is any state or local record relating
to:
  • The conduct of government; or
  • The performance of a governmental function
> And which is:
  • Prepared;
  • Used; or
  • Retained by any state or local agency.
Definition Of Public Records
"Public Records" shall include any paper,
correspondence, completed form, bound record
book, photograph, film, sound recording, map
drawing, machine-readable material, compact disc
meeting current industry ISO specifications, or
other document, regardless of physical form or
characteristics, and including such copies thereof,
that have been made by or received by any agency
of the state of Washington in connection with the
transaction of public business, and legislative
records as described in RCW 40.14.100.
Public Record Category 1
Official public records shall include all original
vouchers, receipts, and other documents necessary
to isolate and prove the validity of every
transaction relating to the receipt, use, and
disposition of all public property and public income
from all sources whatsoever; all agreements and
contracts to which the state of Washington or any
agency thereof may be a party; all fidelity, surety,
and performance bonds; all claims filed against the
state of Washington or any agency thereof; all
records or documents required by law to be filed
with or kept by any agency of the state of
Washington; and all legislative records.
Public Record Category 2
Office files and memoranda include such records as
correspondence, exhibits, drawings, maps,
completed forms, or documents not above defined
and classified as official public records; duplicate
copies of official public records filed with any
agency of the state of Washington; documents and
reports made for the internal administration of the
office to which they pertain but not required by law
to be filed or kept with such agency; and other
documents or records as determined by the records
committee to be office files and memoranda
Formats of Records
> Writings
> Recordings
> Pictures
> Electronic
> Magnetic Tapes
> E-mails
Formats of Records
> Paper
> Recordings
> Pictures
> Electronic
> Magnetic Tapes
> E-mails
Electronic Records
> More public records are electronically created and
maintained than ever before
> What do you do with them all?
> Do you have policies and procedures to preserve
and protect your agency records?
> Do you keep all agency records?
> Can you delete them?
> Can you provide access and authenticate those
records if called upon to produce them?
Spoliation
> The intentional destruction of a document or an
alteration of it that destroys its value as evidence
> Failure to retain information that may be needed or
is expected to be needed in a suit, investigation, or
audit
> Applies to all retrievable information in computer
storage as well as paper records
> In Rambus v. Infineon Technologies, the court ruled that
if a company reasonably anticipated or ought to
anticipate litigation, it cannot simply carry out an
RRP; it must first save documents that might be
relevant to the litigation
What is the solution?
How do you protect your company?
How do you avoid fines and penalties?
How do you avoid possible jail time?
The Solution
> Records Management Program
> RM Policies and Procedures
> Electronic Recordkeeping System
> Records Retention Program
> Records Management Training
Records Management Program
Is the systematic planning, controlling, directing,
organizing, training, promoting, and other
managerial activities involved in records creation,
maintenance and use, and disposition in order to
achieve adequate and proper documentation of the
policies and transactions of an organization and
effective and economical management of the
organization’s operations.
Records Management Program
> Records management addresses the life cycle of
records, i.e., the period of time that records are in
the custody of Federal agencies. The life cycle
usually consists of three stages:
  • Creation or receipt
  • Maintenance and use
  • Disposition
Records Management Program
> Tools for maintaining and using records include
  • File plans
  • Indexes
  • Controlled vocabularies, taxonomies
  • Data dictionaries
  • Access controls and security procedures
> The main tool used to manage the disposition of
records is the records retention schedule.
Records Retention Program
> Period of time that records have operational, legal,
fiscal, or historical value
> Period of time records are considered active and
must be maintained in active filing areas
> Point of time when records can be reasonably
transferred to a secondary storage facility
> Method of disposal
> Procedures for complying with regulatory
requirements
> Procedures for applying a legal hold
Desktop Records Management
> Employees are responsible for making and keeping
records of their work
> Employees decide if it is a record
> Employees decide where to file records
> Employees indirectly affect the disposition of
records
> The accuracy and effectiveness of your records
management program depend on employees
Desktop Records Management
> How do you ensure that employees carry out their
records management responsibilities?
  • Responsibly?
  • Accurately?
  • Consistently?
> That is the heart of Information Governance
> The solution – stay tuned for Part 2
Bill Manago, CRM
Senior Compliance Strategist
CA Information Governance
Mobile: +1-201-519-4249
[email protected]