Benchmarking Report on
Business Process Analysis and Systems Design
for Electronic Recordkeeping - Section 2.3
|2.3||Minnesota Historical Society/Minnesota State Archives: Trustworthy Information Systems Handbook http://www.mnhs.org/preserve/records/tis/tis.html|
The Minnesota State Archives is part of the Minnesota Historical Society. Neither the Minnesota Historical Society nor the State Archives are units of the state government. The Minnesota Historical Society's major lines of business are library/museum operations, operating the state historic preservation office, operating the state archives, and operating historical sites statewide. The State Archives collaborates with many state agencies, local governments, and other partners to acquire historically valuable state government records.
The Minnesota State Archives is not responsible for records management in the state government and has never offered records management services for state agencies. Centralized records management policies, procedures, and oversight is a responsibility of the Department of Administration, and is usually implemented at the agency level by designated records staff on either a full-time or limited-duty basis depending on the needs of the agency. Statewide IT policy and support is located in the Office of Technology, and is fairly decentralized. IT governance in the state oscillates in position and authority with changes in administration, and is sometimes complicated by staff turnover in the Chief Information Officer's office. Most records management and electronic records management is done on an agency-by-agency basis. The State Archives received formal support and backing from the state administration to develop electronic records management guidelines and the Trustworthy Information Systems (TIS) Handbook, but a variety of agencies also cooperated generously in the effort. The National Historical Publications and Records Commission (NHPRC) provided funding for the project.
The TIS Handbook is very much a "do it yourself" guide to developing new IT systems and developing appropriate electronic recordkeeping requirements. The State Archives developed TIS and several other tools that agencies can use on their own, as they see fit, to meet their business needs. The Archives meets with customers and stakeholders in agencies as an advocate, but not to "do" records management or electronic records management. Rather, their focus is on advocacy, education, discussing problems, identifying needs, finding ways to collaborate, and in pointing to or in some cases developing tools (such as the TIS handbook) agencies can use themselves to successfully accomplish electronic recordkeeping and assure that trustworthy IT systems are developed.
Trustworthy Information Systems (TIS) Handbook. Electronic recordkeeping requirements and trustworthy system design are accomplished by using TIS to help determine what system and recordkeeping requirements are appropriate within the business context, e.g., by determining what system and recordkeeping functionality is "trustworthy enough" for the specific business environment. The TIS Handbook outlines a decision-making process for building trustworthy systems that is based on meeting agency, public accountability, and business needs. Recordkeeping requirements are included in a larger list of business requirements because TIS is used as part of a broader business process analysis, which is not limited only to recordkeeping. The handbook helps systems developers, program managers and staff, records managers and others develop trustworthy systems that support accountability of officials to citizens and to protect legal rights. The TIS Handbook guides users through a six-step process to assure that trustworthy IT systems are developed and that they produce authentic, reliable, and accessible information.
Records management task supported
The TIS Handbook contains questions that encourage analysis similar to that done during business process analysis and also provides a checklist of criteria for trustworthy information systems, so it is a hybrid of both approaches. It offers a "do it yourself" approach and does not assume that the TIS process will be incorporated into a formal agency systems development life cycle or electronic recordkeeping certification process. The TIS is available to all potential users online (at http://www.mnhs.org/preserve/records/tis/tableofcontents.html), and the State Archives recommends that all state agencies use it when they are designing new IT systems. The Archives works with TIS users when there is a good reason to do so and if challenges, opportunities, and resources warrant. In these cases, Archives staff may be brought in to provide broad advice or assistance to the project, or educate users about electronic records that are potentially permanent and would be candidates for the Archives.
Some of the criteria agencies might use to build trustworthy information systems are an examination of the agency's legal profile for risk, whether or not information is being passed across administrative boundaries, whether the system is part of a major e-government project, and whether the agency has been sued or if previous or pending litigation has identified serious recordkeeping or electronic system weaknesses. Ideally, the Archives recommends that agencies regard TIS and the development of electronic recordkeeping requirements in terms of a larger business process analysis project. TIS can be used as a component of a business process analysis project when recordkeeping is a topic of discussion or an identified business need. Ideally the business process analysis project team is aware of TIS and electronic recordkeeping from the beginning, and can plan for it to be included appropriately in the analysis process. Using the TIS Handbook can also be iterative as well, starting with an awareness of recordkeeping concerns at the beginning, and leading to a series of discussions or decisions in the systems development process to identify recordkeeping and IT system requirements as they arise.
The TIS Handbook is useful to information systems developers, policy makers, program managers, records and information managers, and current and future system users; it helps them develop trustworthy information systems that can support accountability of elected officials to citizens by creating reliable, authentic, and accessible information and records. The handbook encourages collaboration among a variety of people with diverse sets of skills and expertise. Ideally, teams of agency personnel with a range of skills and knowledge will work together in this process. The team should include people who have: knowledge of agency and local government business, policy, and procedures; knowledge of information access and data practices; and skills in computing, information technology, and information systems design.
Benefits and Strengths
The TIS Handbook is a very well-written and non-technical handbook that is easy to understand for people with little or no recordkeeping knowledge or IT systems development experience. Its "do it yourself" approach appeals to agencies that do not have elaborate IT infrastructures or staff with knowledge of electronic records management. TIS may be an excellent mechanism for records managers to invigorate an electronic records program that is not adequately supported, or for records managers to lead or participate in a TIS project team. The handbook itself is only about 35 pages long (excluding the glossary, a very extensive bibliography, and the appendices). It is very user-friendly, written in short sections that are non-technical, clear and to the point, and which require almost no further interpretation to understand the methodology. Further, it is very well structured, using sidebars titled "Did You Know" and "Consider This" to illustrate important points and to provide examples. It does such a good job explaining the importance of electronic records management to an IT audience that the handbook could be used by records managers as a communication or education tool for IT staff.
The TIS questions and checklist encourage a team approach to identifying system and recordkeeping requirements, examining the business process, and building trustworthy IT systems. Following the checklist and responding to the questions leads the team through a modified business process analysis project, as well as an electronic recordkeeping requirements definition project.
TIS "Section 9: Criteria for Trustworthy Information Systems" is very good at explaining specific criteria such as system documentation, security, audit trails, disaster recovery plans, and metadata. The TIS "Appendix E: Legal Issues Affecting Electronic Records Management" is particularly strong in examining legal issues such as inappropriate destruction of records, evidence, discovery, privacy, intellectual property, and the like. There is a separate Legal Risk Analysis Tool that is available online at http://www.mnhs.org/preserve/records/tis/Legalriskoptions.html. While this legal risk tool is specifically written from the perspective of Minnesota laws, it is framed in a general way so as to be helpful to anyone in the litigation, risk management, and records and information management professions.
For environments where records management has a strong presence and there are rigorous electronic records management and system development procedures already in place, TIS may be too user-friendly and customer-centric. For instance, with a "do-it-yourself" guide there is a possibility that professional records and information managers will be left out of the systems development picture entirely, without representation on a TIS project team. Some TIS users may not see the TIS criteria as especially important in helping identify their business needs, and the flexibility and self-service nature of TIS leaves the decision on using the criteria and the handbook up to them.
Environment for which it is suited
Because of its clarity and good explanation of why trustworthy information systems are worthwhile, TIS could help records managers communicate with IT staff and establish a good working relationship between the two groups. TIS is ideal for organizations that are planning an IT system with no formal process to serve as a guide, have limited resources, or have not thought in depth about their business needs, trustworthy IT systems, and their electronic recordkeeping requirements. TIS would work very well in environments where there are decentralized IT development policies and procedures, and in organizations that do not have formally developed systems development life cycle procedures or enterprise architecture considerations. It should be noted, however, that all of the TIS concepts can also be readily integrated into more formal IT development procedures, and used in highly structured IT shops, and by the professional IT staff who are usually responsible for systems development and architecture.
Significance to NARA
The TIS Handbook is a practical, easy-to-understand guide for developing trustworthy information systems in any organization, but especially in those that do not already have a sophisticated, standardized systems development program. Although TIS was developed for the State of Minnesota, it could be adapted for other legal and regulatory environments. (It has already been adapted by other states.) TIS could easily be used to develop new IT systems in small or medium-sized organizations, and could be adopted as a standard or guideline for use by contractors, IT staff, program staff, and senior managers to assure that electronic recordkeeping requirements are considered in the systems development process. Of special note is the "hybrid" approach used by the TIS Handbook to conducting both a business process analysis project and using a checklist of predefined electronic recordkeeping requirements. While TIS does not utilize a formal business process analysis methodology, the TIS questions, checklist, recordkeeping criteria, and the Legal Risk Analysis Tool integrate many of the most significant elements of a formal business process analysis into the development of trustworthy information systems.