ARMA METRO MARYLAND CHAPTER NOVEMBER 18, 2010 Records Management, Transparency and Open Gov: An Update from NARA
ARMA METRO MARYLAND CHAPTERNOVEMBER 18 , 2010
Records Management, Transparency and Open Gov:
An Update from NARA
Overview
Open Government and NARANARA Bulletin on Cloud ComputingNARA Bulletin on Web 2.0/Social MediaNARA’s Use of Social Media
Disclaimer: The opinions expressed in this presentation are mine and do not represent any official position of the National Archives and Records Administration
NARA and Open Government http://archives.gov/open/
“Backbone of Open Government”
Federal agencies need to create and manage economically and effectively the records necessary to meet their business needs.
They need to maintain records long enough, and in a useable format, to protect citizen rights and assure government accountability.
And they need to ensure that records of archival value are preserved and made available for generations to come.
Records Control Repository
http://archives.gov/records-mgmt/rcs/
Provides access to scanned versions of records schedules that have been developed by Federal agencies and approved by the Archivist
From 1973 – presentNew schedules added as approved
NARA Bulletin 2010-05
Guidance on Managing Records in Cloud Computing Environments
Released: September 8, 2010http://go.usa.gov/x1u
http://archives.gov/records-mgmt/bulletins/2010/2010-05.html
Cloud Computing: Definition
NIST defines cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (NIST Definition of Cloud Computing, Version 15, 10-07-2009)
NIST’s Essential Characteristics
On-demand self-service Increase storage, etc. automatically
Broad network access Capabilities are available over the network
Resource pooling The provider’s computing resources are pooled to serve multiple
consumers There is a sense of location independence; customer generally has
no control or knowledge over the exact location of resourcesRapid elasticity
Quickly scale out or scale in computing powerMeasured Service
automatically control and optimize resource through a metering capability
Cloud Computing – Service Models
Cloud Software as a Service (SaaS) Provider’s applications running on a cloud infrastructure Consumer does not manage or control the underlying cloud
infrastructure Web mail systems in the cloud
Cloud Platform as a Service (PaaS) Consumer-created or acquired applications created using
programming languages and tools supported by the provider Consumer does not manage or control the underlying cloud
infrastructure Cloud Infrastructure as a Service (IaaS)
Consumer receives computing resources that the consumer is able to deploy and run arbitrary software, which can include operating systems and applications
Consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls)
Cloud Computing – Deployment Models
Private cloud Cloud is operated solely for an organization by the organization
or a third partyCommunity cloud
Cloud is shared by several organizations and supports a specific community that have mutual concerns
Public cloud Cloud is made available to the general public or a large industry
group and is owned by an organization selling cloud servicesHybrid cloud
Cloud is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability
Cloud Computing Use By Agencies
Team interviewed four agencies using cloudsAll received business benefits to solve various
problemsSome created private cloud others used
commercial offeringsAll had some issues with records management
One keeps everything, but is working to figure it out Two are still working on agreements that place
responsibility on participating agencies, but not the providing agency
So Is There A Problem?
PotentiallyIf the benefits of the drivers outweigh
perceptions of records management responsibilities
If cloud solutions are procured without consideration of records management requirements
If particular cloud deployments present insurmountable obstacles to exercising records management
Some RM Challenges
Cloud applications may lack the capability to implement records disposition schedules Maintaining records in a way that
maintains their functionality and integrity throughout the records’ full lifecycle
Maintaining links between the records and their metadata
Transfer of archival records to NARA according to NARA-approved retention schedules
Some RM Challenges
Depending on the application, vendors may not be able to ensure the complete deletion of records
Various cloud architectures lack formal technical standards governing how data are stored and manipulated in cloud environments
Some RM Challenges
A lack of portability standards may result in difficulty removing records for recordkeeping requirements or complicate the transition to another environment
Agencies and cloud service providers need to resolve issues if a cloud service ceases or changes dramatically
Meeting RM Challenges
Provisos1. Differences between service models affect how
and by whom (agency/contractor) records management activities can be performed
2. Service or Deployment Models used could affect where records are stored or created
PaaS and IaaS might contain no Federal records depending on how they are used
3. In SaaS model, records may often be held in contracted space
Meeting RM Challenges
Include RM staff in cloud computing solutionDefine which copy of records will be declared
as the agency’s record copy (value of records in the cloud may be greater than the value of the other set because of indexing or other reasons)
Include instructions for determining if records in a cloud environment are covered under an existing records retention schedule
Meeting RM Challenges
Include instructions on how all records will be captured, managed, retained, made available to authorized users, and retention periods applied
Include instructions on conducting a records analysis, including records scheduling
Include instructions to periodically test transfers of records to other environments, including agency servers, to ensure the records remain portable
Meeting RM Challenges
Include instructions on how data will be migrated, so records are readable throughout their entire life cycles
Resolve portability and accessibility issues through good records management policies and other data governance practices
Contracting
Agency is always responsible for its Federal records even if they are in contracted space
Agencies must ensure contractors are aware of the agencies’ RM responsibilities
Agencies must work with contractors to manage records
If a contractor quits the business, agencies must get the records back
Contracting
We created model language that informs all parties of RM responsibilities Working to add similar language to GSA’s apps.gov
storeAgencies can modify as needed, other clauses
can be included in contractsAgencies may be partners in a private or
community Include RM in MOUs or other agreements
NARA Bulletin 2011-02
Guidance on Managing Records in Web 2.0/Social Media Platforms
Released: October 20, 2010http://go.usa.gov/aUJ
http://archives.gov/records-mgmt/bulletins/2011/2011-02.html
What is the purpose of the Bulletin?
Guidance on managing records produced when using web 2.0/social media platforms
Expands on NARA's existing web guidance Implications of Recent Web Technologies for
NARA Web Guidance NARA Guidance on Managing Web Records
Not intended to provide agencies with model schedules or step-by-step guidance
What is Web 2.0 and Social Media?
Integrates web technology, social interaction, and content creation
Individuals or collaborations of individuals, create, organize, edit, comment on, combine, and share content
Agencies are using social media and web 2.0 platforms to connect people to government and to share information
Social Media Categories
Web Publishing
Social Networking
File Sharing/Storage
How are Federal records defined?
Provides definition of Federal Records based on Federal Records Act (44 U.S.C. 3301)
Refers to 36 C.F.R. 1222.10 for guidance on how agencies should apply the statutory definition of Federal records
27
Are Federal records created when agencies use web 2.0/social media platforms?
Agencies must determine records status (FRA and regulations)
Principles for analyzing, scheduling, and managing records are independent of the medium
Are Federal records created when agencies use web 2.0/social media platforms?
If any answers are YES, then content is likely a record: Is the information unique and not available
anywhere else? Does it contain evidence of an agency’s policies,
business, mission, etc.? Is this tool being used in relation to the
agency’s work? Is use of the tool authorized by the agency? Is there a business need for the information?
Noteworthy RM challenges associated with the use of web 2.0/social media
Public expectations that all content is both permanently valuable and accessible
Content located in multiple places Recordkeeping in a collaborative environment Ownership and control of data that resides with a third
party Interactive content management Identification of record series Implementation of schedules, including transfer and full
deletion Capture of frequently updated records Handling of records containing PII (See OMB M 10-23)
RM Challenges in Social Media
Determine their specific RM strategies to meet the regulations
Records officers, web management staff, and IT staff, need to collaborate
Consider the following areas: Policy Records Scheduling Preservation
31
Policy
Areas to consider include: Identifying what constitutes a record, including
user generated content Defining ownership of content and
responsibility Developing recordkeeping requirements Incorporating recordkeeping practices and
requirements into terms of service (TOS) Communicating records policies Monitoring the ongoing use and value Monitoring changes to third-party TOS
Records Scheduling
Agencies must schedule social media records or apply existing disposition authorities as appropriate Consider whether the use and functionality of the
platform affects value of the record, before applying an existing schedule
Develop new schedules if the tool provides enhanced processes, functionality, added metadata, or other features
Existing authorities apply if there is a previously approved media neutral schedule or records are administrative housekeeping
See Appendix A for records scheduling flow chart
Preservation
Areas to consider include: Saving all content with associated metadata as the
complete record Using web crawling and software to store content or take
snapshots of record content Using web capture tools to create local versions of sites
and migrate content to other formats Using platform specific application programming
interfaces (API) to pull record content as identified in the schedule
Using RSS Feeds, aggregators, or manual methods to capture content
Leveraging supporting underlying specifications, services, data formats, and capabilities to provide generic functions useful for fixing, capturing, and managing record content
Agency Responsibilites Towards Contractors
Managing records – in house or third partyService providers could stop providing their
service or delete information from an agency's account
Ability to identify and retrieve Federal records on web 2.0/social media platforms
Where possible, include a RM clause when negotiating a Terms of Service agreement
Consider RM responsibilities when selecting and using platforms
Sample “Terms of Service” Clause
The Agency acknowledges that use of contractor’s site and services may require management of Federal records. Agency and user-generated content may meet the definition of Federal records as determined by the agency. If the contractor holds Federal records, the agency and the contractor must manage Federal records in accordance with all applicable records management laws and regulations, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), and regulations of the National Archives and Records Administration (NARA) at 36 CFR Chapter XII Subchapter B). Managing the records includes, but is not limited to, secure storage, retrievability, and proper disposition of all federal records including transfer of permanently valuable records to NARA in a format and manner acceptable to NARA at the time of transfer. The agency is responsible for ensuring that the contractor is compliant with applicable records management laws and regulations through the life and termination of the contract.
What other NARA resources are available?
Web StudyToolkit for Managing Electronic RecordsBulletin on Multi-Agency EnvironmentsWeb Transfer GuidanceNRMP Wiki/Ledger
This Bulletin + Cloud Computing?
Web 2.0/social media platforms may operate using cloud computing environments
Both bulletins should be consulted when developing records management strategies for these environments
NARA Use of Social Media
http://blogs.archives.gov/aotus/
http://blogs.archives.gov/online-public-access/
http://blogs.archives.gov/records-express/
http://twitter.com/NARA_RecMgmt
Transitions?
Look for a new Archives.gov homepage to launch very soonA Charter for Change: Archivist’s Task force on agency
transformation, final report: released October 2010 One NARA: work as one NARA and not just as component parts. Out in Front: Embrace the primacy of electronic information in all
facets of our work and position NARA to lead accordingly. An Agency of Leaders: Foster a culture of leadership, not just as a
position but as the way we all conduct our work. A Great Place to Work: Transform NARA into a great place to work
that trusts and empowers all of our people, the agency’s most vital resource.
A Customer-Focused Organization: Create structures and processes to allow our staff to more effectively meet the needs of our customers.
An Open NARA: Open our organizational boundaries to learn from others.
Thank You!
Contact Information Arian D. Ravanbakhsh Electronic Records Policy Analyst email: [email protected] Follow on Twitter: @adravan