Arkib Negara ELECTRONIC RECORDS MANAGEMENT and archive mgmt guideline_eng

Recommendations

Info

e-SPARK 5.2.4 Key management As a general rule, keys and other material required to decrypt data should be accessible for the life of that data. Where encryption is only used for confidentiality during transmission, there should be no need for a key management plan. Continued access to the encryption keys is unnecessary if the sending agency retains a record of the unencrypted transaction and the receiving agency retains the decrypted record of the transaction. However, both agencies should ensure that the records are captured with recordkeeping metadata relating to the encryption process. If an agency decides to retain records in their encrypted form, then an ongoing key management plan is essential for enabling future access. The records created or received using online security processes such as PKI, should be disposed of according to the business activity to which they pertain, It is important to note that unauthorized alteration of a record as evidenced by an unverifiable digital signature, or inability to decrypt an encrypted record, may constitute de facto destruction of a record. 5.2.5 Recordkeeping, security and information management framework Authentication and encryption issues need to be addressed early and considered as part of an agency’s overall recordkeeping, security and information management framework. Developing such a framework involves: • Developing a policy and strategy for information management. • Assessing and implementing recordkeeping and information systems to maintain required records. • Identifying recordkeeping requirements. • Assigning responsibilities. 5.2.6 Policy and strategy To ensure the success of an online security program, especially when it involves the use of digital signatures and encryption, a strategy and companion policy for information resource management (including recordkeeping) should be developed. Preferably, the strategy should be developed as part of the online security program, and be in place before implementation of the program occurs. Recordkeeping related to online security technology should be part of an agency’s overall information management or recordkeeping policies. Copyright Arkib Negara Malaysia Page 59 of 86
e-SPARK Carefully thought-out strategy and policy documents are necessary, whether records will be captured and stored via an agency’s existing recordkeeping system(s), or as part of a separate system. 5.2.7 Identify record keeping requirements As well as managing records created by authentication and encryption processes, public offices need to know which records relating to their online security activities should be captured to support business needs, satisfy accountability requirements and meet general expectations of the broader community. Knowing recordkeeping requirements will facilitate the development of appropriate recordkeeping strategies and actions. 5.2.8 Assign responsibilities to records, business and IT managers Online security is a complex web of software, hardware, technology providers, external service providers, personnel, policies, procedures and agreements. Each of these elements may impact on several areas within a public office that use or provide these services. To ensure that all recordkeeping requirements relating to online security are addressed in a comprehensive manner, it is essential that recordkeeping responsibilities are identified, assigned and promulgated across a public office. Managers in the records, business or e-business, and IT areas will all have a role in the implementation and delivery of online security services. Establishing communication channels is a useful way of enabling information flow. Meetings should be held to ensure that questions and issues are addressed. Procedures can then be developed and disseminated to provide a measure of control. Interoperability of systems is essential for ensuring optimum accessibility of information, and provides long-term cost savings to a public office. If an area responsible for implementing online security has established communication channels with other areas likely to have some responsibilities, the required specifications are more likely to be known and understood. Checklists can be developed to ensure and new systems purchased will have the desired characteristics. High-level schema can be written for existing systems that may not be fully interoperable. Copyright Arkib Negara Malaysia Page 60 of 86
Page 1 and 2:
-----------------------------------
Page 3 and 4:
e-SPARK Guidelines on Electronic Re
Page 5 and 6:
e-SPARK 3.8 Destruction of electron
Page 7 and 8:
e-SPARK Following this introduction
Page 9 and 10:
e-SPARK Provide consisten
Page 11 and 12:
e-SPARK functions. The links betwee
Page 13 and 14: e-SPARK 2.5 Conditions for Electron
Page 15 and 16: e-SPARK Records are removable. The
Page 17 and 18: e-SPARK ‘Web’ Environment where
Page 19 and 20: e-SPARK The skills and experience o
Page 21 and 22: e-SPARK records generated within th
Page 23 and 24: e-SPARK o o Identifying and assessi
Page 25 and 26: e-SPARK The automated nature of nea
Page 27 and 28: e-SPARK The fact that most digital
Page 29 and 30: e-SPARK • Limit access to electro
Page 31 and 32: e-SPARK system while the restrictio
Page 33 and 34: e-SPARK An effective electronic rec
Page 35 and 36: e-SPARK is costly, requiring highly
Page 37 and 38: e-SPARK Back up records identified
Page 39 and 40: e-SPARK Electronic records are conv
Page 41 and 42: e-SPARK 3.7 Disposing of Electronic
Page 43 and 44: e-SPARK 3.7.5 Transferring electron
Page 45 and 46: e-SPARK The Arkib Negara Malaysia w
Page 47 and 48: e-SPARK 4.1.2 Cost Benefit-Analysis
Page 49 and 50: e-SPARK 4.1.5 Design • Establish
Page 51 and 52: e-SPARK 4.1.7 Maintenance • Estab
Page 53 and 54: e-SPARK Heads of Public Offices are
Page 55 and 56: e-SPARK Public offices are encourag
Page 57 and 58: e-SPARK policies, procedures and gu
Page 59 and 60: e-SPARK Typically, a business conti
Page 61 and 62: e-SPARK 5.2 Vital records Vital rec
Page 63: e-SPARK 5.2.3 Record keeping for en
Page 67 and 68: e-SPARK • Does the system allow f
Page 69 and 70: e-SPARK Technology considerations
Page 71 and 72: e-SPARK Appendix 1 Key Concepts and
Page 73 and 74: e-SPARK A w a r e n e s s / U n d e
Page 75 and 76: e-SPARK The infrastructure is requi
Page 77 and 78: e-SPARK issues in this environment,
Page 79 and 80: e-SPARK Appendix 2 Definitions Term
Page 81 and 82: e-SPARK Terms Non records Operation
Page 83 and 84: e-SPARK Terms Unstructured Definiti
Page 85 and 86: e-SPARK Handling and storage of the
Page 87 and 88: e-SPARK Below are examples of the t
Page 89 and 90: e-SPARK Storage requirements Qualif
Page 91: e-SPARK that can be read using avai
show all

Arkib Negara ELECTRONIC RECORDS MANAGEMENT and archive mgmt guideline_eng

Create successful ePaper yourself

Delete template?

Save as template?