Arkib Negara ELECTRONIC RECORDS MANAGEMENT and archive mgmt guideline_eng
e-SPARK
Why? It is impossible for the Arkib Negara Malaysia to gain access to and store all the
components of authentication schemes necessary to ensure their ongoing functionality. The
Archives will be unable to re-validate digital signatures attached to records because it will not
attempt to gain possession of the relevant public and private keys (or equivalent device).
Similarly, the Arkib Negara Malaysia will not have the ability to decrypt records. There are
many different means by which a record may have been encrypted and it would not be
possible to guarantee the ongoing functionality of each one – or even gain access to the
various schemes.
If a record is transferred to the Arkib Negara Malaysia, it is unlikely that there will be a
continuing business need for any attached digital signatures to remain functional.
However, a public office needs to make a risk management decision on whether it continues
to support the key management plan for records that have been transferred to the Arkib
Negara Malaysia. The agency may choose to capture appropriate recordkeeping metadata
as sufficient proof that the digital signature was valid at the time of the transaction. On the
other hand, the risk management process could require the agency to maintain the key
management plan to provide access to the public key for the purpose of re-validation.
Unencrypted or decrypted records should be transferred together with the contextual
information (e.g. encryption details such as the name of the CA or RA provider, the
reference number of the digital certificate that contained the public key, and the date and
time of the transaction).
Meeting the recordkeeping recommendations contained within these guidelines will ensure
the accessibility, readability, integrity and completeness of electronic records created during
online security processes, and ensure that records transferred as national archives will be
well controlled and accompanied by appropriate metadata.
Records transferred to the custody of the Arkib Negara Malaysia will be stored in conditions
that ensure their security and long-term preservation and accessibility.
Implementation Checklist
The intention of this checklist is to serve as a tool that public offices can use when planning
to use authentication and encryption technologies.
Initial considerations
Has your public office established the level of online security needed?
Have online security processes been included in your public office’s recordkeeping, security and information management framework?
Copyright Arkib Negara Malaysia Page 63 of 86