Site menu:

Categories

Links:

Archives



NARA Bulletin 2012-03, issued August 21, 2012 informed Federal agencies that, beginning October 1, 2012, we will use the Electronic Records Archive (ERA) for scheduling records and transferring permanent records to the National Archives.

As a reminder, we provide ERA support and training for agencies using ERA and agencies just getting started. These include:

  • Online ERA training modules for scheduling and transfer are available on the ERA eLearning Page.
  • NARA has recently updated the ERA Agency User Manual (.pdf) with expanded instructions and additional illustrations.
  • NARA provides Crosswalk Documents to illustrate how SF 258 fields correspond to ERA Transfer Request (TR) fields, and how SF 115 fields correspond to ERA Record Schedule (RS) fields in ERA.
  • Agency records managers in the Washington DC area may request specialized on-site assistance by completing an Online Training Assistance Request Form (.pdf).
  • For technical ERA system issues like resetting of passwords, etc., users can call the ERA Help Desk.  Agencies can call the ERA Help Desk from 6 AM to 8 PM EST at 1-877-372-9594.  Agencies can also reach the ERA Help Desk by e-mail to ERAHelp@nara.gov.

These resources and links to additional ERA support can be accessed on the ERA Homepage. Agencies needing additional information should contact their NARA appraisal or accessioning archivist.



Over the last few weeks, we have posted several items for comment that we want to remind people about. Please take a moment and go back through these posts if you have not yet had the opportunity.We welcome any comments.

First, we posted the draft of our Automated Electronic Records Management Plan in support of goal A3.1 of the Managing Government Records Directive. Comments are being accepted on the draft until April 25.

We have also concluded our three part series on Managing Records in Mobile Environments. The posts can be found here, here, and here. Please feel free to review and leave comments on any individual post or any general comments about our approach to this topic. Do you have any ideas for future postings?



Wi-FiIn this third and final post on mobile environments, the Records Management Policy Team will look at some ways Federal agencies can address the implications for managing records in a mobile environment. The steps that agencies can take to address security concerns have been well-covered in the many articles, vendor advertisements, and white papers on this topic. In contrast, the ways to address records management implications have not received the same level of attention, so we would like to start that discussion here. Please let us know your thoughts, any issues you’ve identified, and possible ways to address them.

One of the first things agencies can do is to recognize that employees have records management responsibilities when working on a mobile device or environment. We can point you to the three basic obligations for employees regarding Federal records, as outlined in NARA’s Telework FAQ:

  1. Create records needed to do the business of their agency, record decisions and actions taken, and document activities for which they are responsible;

  2. Take care of records so that information can be found when needed. This means setting up directories and files, and filing materials (in whatever format) regularly and carefully in a manner that allows them to be safely stored and efficiently retrieved when necessary; and

  3. Carry out the disposition of records under their control in accordance with agency records schedules and Federal regulations. Employees also must consider and follow agency-specific policies for managing records that contain personally-identifiable or security-classified information.

Secondly, agencies can look for best practices emerging in the Federal community around mobile. We’ve found the following best practices that could be useful to agencies who are beginning to address general mobile concerns that also affect records management:

  • Promulgate clear and concise policies that address the risks and concerns for BYOD programs and mobile environments

  • Provide training to employees on the appropriate use and conduct for using personal devices for work purposes, including management of records.

  • Have employees sign consent forms in writing so they understand what they are agreeing to when using their personal devices, especially for devices that may be wiped to avoid situations like this

  • Work with agency general counsel, IT staff, and the employees’ union to draft rules that balance employee privacy and agency security

  • Allow data to only be viewed by users on a device and not stored or replicated on the device. Keep data in central repository.

  • Implement “container” technology to separate work and personal uses of the same device. A device with this technology can be divided into personal and work sections, so that memory is assigned for each space. Then the only the work side could be wiped when the employee leaves or a device is lost.

  • Implement mobile device management (MDM) and mobile application management (MAM) solutions to push the appropriate data from enterprise systems to devices

  • Configure and manage devices with “information assurance controls commensurate with the sensitivity of the underlying data as part of an overall risk management framework.” (BYOD Toolkit, White House)

  • Remove government-owned devices that are not in use from the network, capture any records, and wipe them.

Third, agencies may consider establishing mobility policies that address the question of records management in a mobile environment.  In numerous Bulletins (Social Media, Email, Capstone), we’ve talked about the need for agencies to have policies that address the who, what, where, when, and why of managing records. We often talk about the importance of enlisting the assistance of a number of agency stakeholders when developing policy or even to form a working group that includes records management staff, information technology staff, privacy and information security staff, agency counsel, public affairs staff, and other relevant stakeholders. This type of  group could ideally meet regularly to discuss the records management concerns for a variety of topics, including the topic of managing records in a mobile environment.

For the Records Management Policy Team, one question we are considering is, “Does it matter what tool is used to create records and should policies be developed to address the records management implications of using mobile devices?” If so, what policy would be needed? We recognize that NARA guidance is often used by agencies who in turn develop their own specific policies. Such policies can help agencies articulate clear processes, policies, and recordkeeping roles and responsibilities for records in a mobile environment to ensure that records are identified, managed and captured.

We invite you to comment below with your thoughts about what Federal records management policies would be helpful agencies’ mobile environments.

Finally, there are a number of resources available to assist in managing content and devices in mobile environments. Below are some of the resources we’ve found helpful:

See also the following NARA resources:

What do you think? What records management implications have we missed? We would love to hear your thoughts and to keep the discussion going on this important topic.

Image credit: “Wi-Fi” by Fuma Ren under the Creative Commons Attribution-Share Alike 3.0 Unported license.



Wi-FiIn our first post, the Records Management Policy Team explored a bit of the current environment for mobile work in the Federal government and the reality that employees are using their mobile devices to conduct agency business. In this second post, we will review the risks and records management considerations for Federal agencies.

When Federal employees work in mobile environments, they will likely be creating records. Depending on how the mobile devices are set up, they could be accessing, downloading, or storing files on their devices – either securely or insecurely. According to various industry studies and surveys, Federal employees are carrying out these activities regardless of whether their agency has a BYOD or a mobile device use policy. This is to say, whether or not agencies have embraced mobility, their employees are using these tools to perform their mission.

Clearly, mobility offers new way for employees to create, maintain and dispose of Federal records and information. So, what are the risks?

According to NIST’s Guidelines for Managing the Security of Mobile Devices in the Enterprise, “Mobile device features are constantly changing, so it is difficult to define the term ‘mobile device’. However, as features change, so do threats and security controls, so it is important to establish a baseline of mobile device features.” When employees use devices without following agency policies or lack mobile device management tools, they open themselves and their agencies up to information, transmission, and operational security risks. These risks include:

  • Lost or stolen devices that contain Federal records

  • Device misuse (mobile device jailbreaking or rooting)

  • Inconsistent mobile device data protection policies

  • Legal issues related to e-discovery, confiscation rights, wiping rights, and liability issues

  • Lack of interoperability for content and systems

  • Insufficient data encryption

  • Using apps not approved by the agency that may be malicious. Applications in turn have access to address books, GPS data, text messages or internal networks.

  • Inadequate integration with agency network access control and endpoint management

  • Increased costs for the agency to support different mobile platforms and acquire more software licenses for the same user

  • Mobile malware or spyware and malicious texting or SMSing

To complement these broader risks and concerns we’ve identified several implications for records management. Agencies may face many of the following challenges when managing records in a mobile environment:

  • Identification of records when content may be located in multiple places

  • Capture of complete records in a manner that ensures their authenticity and availability when records frequently change and are located in many places

  • Data being stored or replicated on the device or in an application instead of only being accessible from a central repository

  • Development and implementation of records schedules, including the ability to transfer and permanently delete records, apply legal holds, or perform other records management functions when it is unclear where records reside

  • Ownership and control of data that resides with a third party

  • Unsecured content

  • Reliance on individuals to follow agency policies

  • Creation of agency policies to address how personal devices and personal information would be handled in the case of investigations or requests for information

  • Sources and formats of records will continue to change and it may be difficult for agency records management policies, processes, and technology to keep up.

Have you seen these risks? Are there any risks we’ve missed? Let us know in the comments.

Stay tuned for the third and final post next week for a discussion on how we can begin to address these challenges.

Image credit: “Wi-Fi” by Fuma Ren under the Creative Commons Attribution-Share Alike 3.0 Unported license.



Another Records Management position has opened here at the National Archives. We have just posted our Director of Corporate Records Management Position (GS-0301-15) on USA Jobs. This position is open for Merit Promotion candidates and closes on April 1, 2014. We encourage all qualified candidates to consider this critical records management leadership position.

Also, we want to take this opportunity to recognize Susan Sullivan, our current Director of Corporate Records Management, who is leaving Federal service. Thank you Susan for all of your service and leadership in the Federal Records community. We will see you on the ski slopes!

 

October 2014
M T W T F S S
« Sep    
 12345
6789101112
13141516171819
20212223242526
2728293031  

Tags

Subscribe to Email Updates