Ohio IT Policy ITP E Electronic Records

Click to download
Reviews
Shared by: Ohio
Categories
Tags
Stats
views:
28
rating:
not rated
reviews:
0
posted:
6/18/2008
language:
English
pages:
0
Ohio Office of Information Technology Ted Strickland, Governor R. Steve Edmonson, Director / State Chief Information Officer Statewide IT Policy Investment and Governance Division 30 East Broad Street, 39th Floor Columbus, Ohio 43215 614.644.9352 tel 614.644.9152 fax www.ohio.gov/itp NO: ITP-E.30 Effective: 01/21/2005 State of Ohio IT Policy Electronic Records Issued By: Gregory S. Jackson Director, Office of Information Technology State Chief Information Officer Published By: Statewide IT Policy Investment and Governance Division 1.0 Purpose The purpose of this electronic records policy is to (a) establish uniform electronic records guidelines for all state agencies; and (b) support the creation and maintenance of electronic records to ensure integrity, usability and survivability. 2.0 Scope Pursuant to Ohio IT Policy ITP-A.1, “Authority of the State Chief Information Officer to Establish Policy Regarding the Acquisition and Use of Computer and Telecommunications Products and Services,” this state policy is applicable to every organized body, office, or agency established by the laws of the state for the exercise of any function of state government except for those specifically exempted. The scope of this information technology policy includes state computer and telecommunications systems and the employees, contractors, temporary personnel and other agents of the state who use and administer such systems. 3.0 Background Recorded information is vital to the operation of Ohio government. Under state law, each state agency, office, institution, board and commission must establish and maintain a program for the management of that recorded information. The state is also strongly committed to providing access to public records. The policies and practices developed by state government have, for the most part, been sufficient when applied to traditional paper records. However, now that state government entities have become increasingly dependent on computer technology to accomplish their basic functions, there is an urgent need for new policies and guidelines that deal with records in electronic formats. Surveys conducted by the State Archives of Ohio in 1994 and 1995 suggested that state agencies lacked both the resources and expertise to manage their electronic records. Furthermore, most records officers and information systems administrators were found to be unaware of the archival and legal issues associated with maintaining records in electronic formats. Since then, the use of computer resources has become even more prevalent in state government. As a result, electronic records are being created and maintained at an ever-increasing rate. Many of these records may become inaccessible An Equal Opportunity Employer and Provider of ADA Services STATE OF OHIO IT POLICY ELECTRONIC RECORDS over time because long-term access was not made a priority. Hardware or software obsolescence, deterioration of storage media, and insufficient labeling and description are but a few of the problems that state agencies must contend with as they create and maintain these records. In an effort to confront and meet these challenges, the State Archives in conjunction with the Department of Administrative Services Office of Information Systems Policy and Planning, predecessor to the Office of Information Technology Statewide IT Policy, convened the Electronic Records Committee (ERC) in June 1998. This committee consisted of individuals from varying backgrounds having an interest in records and information technology. The ERC met three times in June 1998. The ERC also held two focus group sessions in July 1998 to get input from state agency information technology personnel. The electronic records policy is intended to establish principles for state government agencies to follow as they develop practices and systems for making and keeping records in the electronic environment. 4.0 References 4.1 Ohio IT Policy ITP-A.1, “Authority of the State Chief Information Officer to Establish Policy Regarding the Acquisition and Use of Computer and Telecommunications Products and Services,” defines the authority of the state CIO to establish State of Ohio IT policies as they relate to state agencies’ acquisition and use of information technology, including, but not limited to, hardware, software, technology services and security. The Ohio Historical Society functions as the state archives administration for the state and its political subdivisions and is responsible for preserving government archives, documents and records of historical value (ORC 149.31 [A]). A glossary of terms found in this policy is located in Section 8.0 - Definitions. The first occurrence of a defined term is bold italics. 4.2 4.3 5.0 Policy 5.1 Electronic information is a record if it satisfies the criteria defined by Ohio law. 5.1.1 Electronic records are compilations of data that are created or received by an agency or agency employee during the course of official duties and that document the organization, functions, policies, procedures, operations, or other activities of the office, as defined by ORC 149.011. In an electronic environment, records may exist in structures other than that of familiar documents traditionally found in paper record-keeping systems. Electronic records may be public records as defined by ORC 149.43 and, thus, subject to the public access provisions of ORC 149.43 (B). Electronic records are subject to audit and legal proceedings such as discovery and subpoenas. 5.1.2 5.1.3 5.1.4 ITP–E.30 Page 2 of 6 STATE OF OHIO IT POLICY ELECTRONIC RECORDS 5.2 Electronic records should be managed effectively as part of a comprehensive records management program. 5.2.1 In accordance with ORC 149.34 (A), the "head of each state agency, office, institution, board, or commission shall...establish, maintain, and direct an active continuing program for the effective management of the records of the state agency...". Employing records management procedures (i.e., scheduling systems/files to allow for the legal destruction of data) will facilitate the most cost effective use of the state's computer resources. 5.2.2 5.3 State agencies, boards and commissions should keep and manage their electronic records in compliance with standards, best practices and guidelines. 5.3.1 Agencies should make the fullest possible commitment to the required use of open, public, non-proprietary standards that facilitate communication between multiple systems and software. American National Standards Institute or other industry-wide standards, Office of Statewide IT Policy (ITP)-issued best practices should be used where applicable. 5.3.2 5.4 Work processes and tools should support the creation and management of electronic records. 5.4.1 Provision for adequate maintenance, disposal and preservation of electronic records should be built into work process and tools so that electronic records management is a routine and time-efficient activity. Appropriate descriptive data about electronic records must be captured at the time of creation. Unlike paper records, that data cannot be determined at a later date. Appropriate records management principles should be an essential component in the design of new systems or the upgrading of existing systems. 5.4.2 5.4.3 5.5 Electronic records should be created and maintained in reliable and secure systems. 5.5.1 Agencies should identify systems that create and maintain records. The development, modification, operation and use of these systems should be documented and measures should be taken to ensure reliability and security of records over time. Reliability refers to a record's authority and trustworthiness at the time of creation. To ensure reliability, agencies must establish procedures for creating official records electronically. Agencies must take measures to prevent unauthorized access to electronic records. 5.5.2 5.5.3 ITP–E.30 Page 3 of 6 STATE OF OHIO IT POLICY ELECTRONIC RECORDS 5.5.4 Data must be captured that document the context, content and structure of electronic records. Context establishes who created the record and the transaction of which it was a part. Content is the actual data. Structure is the format of the record. Structure must be captured so that the record can be migrated into the latest generation of hardware and software as necessary. 5.6 In most cases, electronic records should be maintained in electronic form, because preserving the context and structure of and facilitating access to those records are best accomplished in the electronic environment. 5.6.1 5.6.2 Electronic records can be classified as system-dependent or -independent. System-dependent records are records that require an electronic environment to provide meaning, context or accessibility. Systemdependent records should be migrated at least every five years. System-independent records are records that can exist independently of an electronic environment. System-independent records may be reformatted, with necessary metadata, into an eye-readable media. 5.6.3 5.7 Maintaining and providing access to electronic records over time is a shared responsibility. 5.7.1 Records managers and information technology managers of the originating agencies, the Department of Administrative Services' State Records Administrator and the State Archives of Ohio must work together to manage, preserve and provide access to electronic records. Transferring all historically significant electronic records from the originating agencies to the State Archives is neither cost effective nor practically feasible. However, in cases where the State Archives does not take physical custody of electronic records, staff will provide appropriate guidance to ensure long-term accessibility and physical preservation consistent with the applicable retention schedule. 5.7.2 6.0 Procedures None. 7.0 Revision History Date 05/01/1999 01/21/2005 Description of Change This Policy supersedes all previously released memoranda or policies on this topic. Removed responsibility references throughout the policy. Updated to current policy format. No substantive changes were made to policy content. Scheduled policy review. 01/21/2010 ITP–E.30 Page 4 of 6 STATE OF OHIO IT POLICY ELECTRONIC RECORDS 8.0 Definitions 8.1 Access to Public Records. All public records shall be promptly prepared and made available for inspection to any person at all reasonable times during regular business hours. Upon request, a person responsible for public records shall make copies available at cost, within a reasonable period of time. In order to facilitate broader access to public records, governmental units shall maintain public records in a manner that they can be made available for inspection in accordance with this division (ORC 149.43 [B]). Creation of Records. The head of each public office shall cause to be made only such records as are necessary for the adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and for the protection of the legal and financial rights of the state and persons directly affected by the agency's activities (ORC 149.40). Data. Coded representation of quantities, objects and actions. The word, “data” is often used interchangeably with the word, “information,” in common usage and in this policy. Destruction. Rendering IT-related property unusable and its data unrecoverable through shredding, incineration or other equivalent procedure. Integrity. The assurance that information is not changed by accident or through a malicious or otherwise criminal act. Because businesses, citizens and governments depend upon the accuracy of data in state databases, agencies must ensure that data is protected from improper change. Information systems that must ensure integrity will likely deploy techniques such as scheduled comparison programs using cryptographic techniques and audits. Public Office. Public office includes any state agency, public institution, political subdivision, or any other organized body, office, agency, institution, or entity established by the laws of this state for the exercise of any function of government (ORC 149.011). Public Record. Public record means any record that is kept by any public office, including, but not limited to, state, county, city, village, township, and school district units." Exceptions include: medical records; probation and parole records, underage abortion notification records, adoption proceedings; putative father registry records, trial preparation records; confidential law enforcement investigatory records, DNA records stored in the DNA database, inmate records released by the department of rehabilitation and correction to the department of youth services or a court of record, records maintained by the department of youth services pertaining to children in its custody released by the department of youth services to the department of rehabilitation and correction, intellectual property records, donor profile records and all records the release of which is prohibited by state or federal law (ORC 149.43). 8.2 8.3 8.4 8.5 8.6 8.7 ITP–E.30 Page 5 of 6 STATE OF OHIO IT POLICY ELECTRONIC RECORDS 8.8 Records. Records include any document, device, or item, regardless of physical form or characteristic, created or received by or coming under the jurisdiction of any public office of the state or its political subdivisions, which serves to document the organization, functions, policies, decisions, procedures, operations, or other activities of the office (ORC 149.011). Transfer or Disposal of Records. All records are the property of the public office concerned and shall not be removed, destroyed, mutilated, transferred, or otherwise damaged or disposed of, in whole or in part, except as provided by law or under the rules adopted by the records commissions provided for under sections 149.38 to 149.42 of the Revised Code or under the records programs established by the boards of trustees of state-supported institutions of higher education under section 149.33 of the Revised Code. Such records shall be delivered by outgoing officials and employees to their successors and shall not be otherwise removed, transferred, or destroyed unlawfully (ORC 149.351). 8.9 9.0 Related Resources None. 10.0 Inquiries Direct inquiries about electronic records to: State Archives Ohio Historical Society 1982 Velma Avenue Columbus, Ohio 43211-2497 Telephone: 614-297-2510 Direct inquiries about this policy to: Statewide IT Policy Investment and Governance Division Ohio Office of Information Technology 30 E. Broad Street, 39th Floor Columbus, Ohio 43215 Telephone: Facsimile: E-mail: 614-644-9352 614-644-9152 State.ITPolicy.Manager@oit.ohio.gov Ohio IT Policy may be found on the Internet at: www.ohio.gov/itp. 11.0 Attachments None. ITP–E.30 Page 6 of 6

Related docs
State of Ohio IT Policy
Views: 266  |  Downloads: 2
Ohio IT Policy ITP B Security Incident Response
Views: 59  |  Downloads: 4
ITP B Information Security Framework
Views: 19  |  Downloads: 4
Ohio IT Policy ITP B Malicious Code Security
Views: 29  |  Downloads: 0
ITP B Remote Access Security
Views: 28  |  Downloads: 1
ITP-E.8 Use of Internet, E-mail and Other IT Resources
Views: 12  |  Downloads: 0
Public Records Policy for the Ohio Counselor Social Worker and
Views: 0  |  Downloads: 0
ITB-2007.01 Electronic Communication and Public Records
Views: 9  |  Downloads: 0
OHIO TURNPIKE COMMISSION PUBLIC RECORDS POLICY AND PROCEDURES I POLICY
Views: 0  |  Downloads: 0
PUBLIC RECORDS POLICY It is the policy and intention of
Views: 1  |  Downloads: 0
ITP-B.3 Password and PIN Security
Views: 40  |  Downloads: 2
Other docs by Ohio
Audit Committee Charter
Views: 241  |  Downloads: 10
Common Stock Purchase Certificate
Views: 516  |  Downloads: 12
Mutual Termination Agreement and Release - Ariba Inc and Agile Software Corp
Views: 541  |  Downloads: 7
CorpDocs-Board Resolution Advising Filing of Bankruptcy and Call Shareholders Meeting
Views: 158  |  Downloads: 2
CorpDocs-Board Resolution Authorizing Adoption of Wage Continuation Plan
Views: 165  |  Downloads: 1
Compensation Commitee Charter
Views: 202  |  Downloads: 2
Form 5305-SEP Simplified Employee Pension - Individual Retirement Accounts Contribution Agreement
Views: 580  |  Downloads: 2
CorpDocs-Board Resolution Setting Officers Bonus Based on Net Profits
Views: 222  |  Downloads: 1
Standard Form 255 Architect-Engineer and Related Services Questionnaire for Specific Project
Views: 727  |  Downloads: 30
CorpDocs-Board Resolution Approving Merger With A Subsidiary
Views: 180  |  Downloads: 3
Agreement and Plan of Reorganization - Aboutcom Inc and North Sky Inc
Views: 169  |  Downloads: 0
THE REVERSE MERGER: BACKING INTO WALL
Views: 655  |  Downloads: 36
CorpDocs-Board Makes a Resolution Without Holding Meeting
Views: 252  |  Downloads: 8
Board Resolution For Officers Bonus to Be Paid as a Stock Option
Views: 190  |  Downloads: 6
Consent in Lieu of Shareholders Meeting (All Shareholders)
Views: 232  |  Downloads: 4