European Commission s Document Management (Policy, IT, Security & Privacy) by Natalia Aristimuño-Pérez EC.DIGIT.B1



Similar documents
A. Document repository services for EU policy support

e-domec Toolkit Q + Some handy tools for good document management Electronic Archiving and Document Management in the European Commission

RULES ON DOCUMENT MANAGEMENT IN THE EUROPEAN PARLIAMENT BUREAU DECISION OF 2 JULY 2012

1. INTRODUCTION Purpose Scope Definitions, Acronyms, and Abbreviations References Overview...

IMPLEMENTING RULES DOCUMENT MANAGEMENT ELECTRONIC AND DIGITISED DOCUMENTS AND EUROPEAN COMMISSION. Brussels, 30 th November 2009 SEC(2009)1643

Institute for Judicial and Legal Studies

Digital Archives Migration Methodology. A structured approach to the migration of digital records

Scope and Explanation

RECORDS MANAGEMENT POLICY

Scotland s Commissioner for Children and Young People Records Management Policy

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

A. Trusted Exchange Platform (e-trustexchange)

Digital Records Preservation Procedure No.: 6701 PR2

ENTERPRISE CONTENT MANAGEMENT. Which one is best for your organisation?

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Dematerialisation and document collaboration

Cloud Service Contracts: An Issue of Trust

CONTROL YOUR INFORMATION BEFORE IT CONTROLS YOU

Business 360 Online - Product concepts and features

AV-20 Best Practices for Effective Document and Knowledge Management

Management: A Guide For Harvard Administrators

The challenges of becoming a Trusted Digital Repository

Long-term archiving and preservation planning

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Best Archiving Practice Guidance

Implementing an Electronic Document and Records Management System. Key Considerations

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

1 Executive Summary Document Structure Business Context... 5

Achieving a Step Change in Digital Preservation Capability

User Guide to Retention and Disposal Schedules Council of Europe Records Management Project

ENTERPRISE DOCUMENTS & RECORD MANAGEMENT

Entrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003

RECORDS MANAGEMENT POLICY

Information Management Policy

The problem of cloud data governance

Digital Marketplace - G-Cloud

Transition Guidelines: Managing legacy data and information. November 2013 v.1.0

Microsoft SharePoint and Records Management Compliance

ENTERPRISE CONTENT MANAGEMENT. Trusted by Government Easy to Use Vast Scalability Flexible Deployment Automate Business Processes

Best Practices for Long-Term Retention & Preservation. Michael Peterson, Strategic Research Corp. Gary Zasman, Network Appliance

Information Management Policy. Retention and Destruction Policy

City of Ryde Drives Business Forward with Enterprise-wide Information Management Solution

International Council on Archives

UNIVERSITY OF MANITOBA PROCEDURE

Enterprise Content Management (ECM) Strategies

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

Managing the Services Lifecycle SOA & BPM

Transition and Transformation. Transitioning services with minimal risk

Master Data Management Architecture

RECORDS MANAGEMENT POLICY

Corporate Records Management Policy

EU CUSTOMS BUSINESS PROCESS MODELLING POLICY

A Proof of Concept Cloud Based Solution. Mark Evans Tessella Inc. PASIG Austin, TX - January 13 th 2012

PROCESSING & MANAGEMENT OF INBOUND TRANSACTIONAL CONTENT

ANU Electronic Records Management System (ERMS) Manual

North Carolina Digital Preservation Policy. April 2014

Presentation Agenda - Format & Content

Using Enterprise Content Management Principles to Manage Research Assets. Kelly Mannix, Manager Deloitte Consulting Perth, WA.

Council of the European Union Brussels, 24 November 2014 (OR. en)

Migrating digital records

An Approach to Records Management Audit

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

K-Series Guide: Guide to digitising your document and business processing. February 2014 LATEST EDITION

Information Management Advice 27 Managing

Queensland recordkeeping metadata standard and guideline

BIG DATA GOVERNANCE: BALANCING BIG DATA VELOCITY & INFORMATION GOVERNANCE

Council Policy. Records & Information Management

Requirements Specifications for: The Management Action Record System (MARS) for the African Development Bank

Akoma Ntoso in the EU Parliament Amendment Process

Records Management - Department of Health

ETSI TS V1.1.1 ( ) Technical Specification

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

EXPLORING THE CAVERN OF DATA GOVERNANCE

Krešimir Meze Omega Software Ltd. Oreškovićeva ulica 25, Zagreb, Croatia

Newcastle University Information Security Procedures Version 3

This document is no longer current. Please go to the following URL for more information:

Questions & Answers. on e-cohesion Policy in European Territorial Cooperation Programmes. (Updated version, May 2013)

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS

Records Management Policy.doc

Streamlining the drug development lifecycle with Adobe LiveCycle enterprise solutions

Record Retention and Digital Asset Management Tim Shinkle Perpetual Logic, LLC

Digital preservation a European perspective

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

REF: RFP No: ECB/HN/1/2014 TERMS OF REFERENCE

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

Second EUDAT Conference, October 2013 Data Management Plans and Certification Motivation: increasing importance of Data Management Planning

Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor

CCG: IG06: Records Management Policy and Strategy

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

RECORDKEEPING MATURITY MODEL

Transcription:

European Commission s Document Management (Policy, IT, Security & Privacy) by Natalia Aristimuño-Pérez EC.DIGIT.B1 1

2 Policy Preservation & Archiving

Electronic archiving & of the EC Managing important EC documents in order to be more Productive (good administrative behaviour) Transparent; Accountable; Preserve the institution s memory; data protection; compliance with internal control standards. Started in 2002 Parallel modernisation of document management policy and of the supporting information systems 3

Legal basis for edomec: Commission Decision 2002/47 on document management Commission Decision 2004/563 on electronic and digitised documents Document SEC(2009)1643 on the Implementing rules for the above two decisions Document SEC(2003)903/1 updated in 26/02/2007 with the Common nomenclature including the three first levels of the Institution's filing plan and by the document SEC(2007)970 with the Common Retention List (CRL) for European Commission files 4

SEC(2009)1643 How to manage documents during their «lifecycle»: Chapter II.2 registration SEC(2003)349/1 Chapter II.3 filing : files and filing plan Chapter II.4 preservation: conditions, retention list SEC (2007/970) Chapter II.5 transfer of the files (paper and electronic) to the Historical archives Chapter III electronic documents 5

Organisation of document management in the Commission, the EAs and the EEAS Decision 2002/47, annex, art. 9 & 10 e-domec Steering committee decides of the document SG B2 management defines the doc. rules man. rules Works out functional requirements for DM tools DIGIT develops corporate tools Each Directorate General DG s units IRM IT resource manager DPC data protection controller (decision 2002/47) DMO document management officer CAD Document management centre Specific organisation within each DG registration allocation mail distribution management of current archives and files 6 DPO DPS Data protection officer Data (Commission s level) prot supervisor (interinstitutional) HISTORICAL ARCHIVES Historical archives own organisation

This image cannot currently be displayed. Policy Users' awareness; 7

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Definitions Document: any content drawn up or received by the Commission concerning a matter relating to the policies, activities and decisions falling within the institution's competence and in the framework of its official tasks, in whatever medium (written on paper or stored in electronic form or as a sound, visual or audio-visual recording). File: the core around which the documents are organised in line with the institution's activities, for reasons of proof, justification or information and to guarantee efficiency in the work. 8

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Registration As soon as a document is received or formally drawn up ( ) it shall be analysed with a view to determining what is to be done with it and thus whether or not it must be registered. (Decision 2002/47, annex, art. 4) 9

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Filing Every registered document must be filed; you can also file non registered documents. For the same issue, you can have several «work files», but you must have only one «official file». A document may be filed into several files. Every file must be linked to a terminal heading (and only one) of the Filing Plan. A file has a beginning and an end >> 10

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Retention and archiving All official files must be closed The file must be closed once all the actions triggered by the case are over and when no more documents in the file need to be added to or amended Closed files are transferred to intermediate archives store: a suitable archiving location either within the unit or in the central archives of the DG The administrative retention period (ARP) as prescribed by the Common Retention List (CRL) runs from the date of closure 11

Check that the file is complete e-domec: Chef de file Closure procedure Analyse the documents in the file: Add missing documents (register, list, save, etc.) Weed the file removing any documents that are no longer needed e.g. (background information, and un-official or obsolete working documents) Destroy working files Review any classified documents and declassify them if appropriate Is the file no longer needed for administrative purposes? Close the electronic file Close the accompanying paper file Organise transfer to intermediate archives storage (consult your DMO for DG specific procedures) 12

The Common Retention List (CRL) Gives a list of File categories - 12 main categories with further sub categories Provides a description of the types of files likely to be found under each category and likely contents of such files Prescribes an Administrative Retention Period (ARP) for each file category ARP: (number of years the file should be kept from date of closure) Gives the Action to be taken at the end of the ARP: Transfer to the Historical Archives (HAT) Sampling/Selection (SAM/SEL) Destruction (EL) For files to be transferred to the Historical Archives: Permanent retention (PR) Second appraisal (2nd APP) The Chef de file is noted for future preservation and access decisions 13

Privacy The EU s 1995 Data Protection Directive set a milestone in the history of personal data protection. Its basic principles, ensuring a functioning internal market and an effective protection of the fundamental right of individuals to data protection, are as valid today as they were 17 years ago. But differences in the way that each EU country implements the law have led to an uneven level of protection for personal data, depending on where an individual lives or buys goods and services. The current rules also need to be modernised - they were introduced when the Internet was still in its infancy. Rapid technological developments and globalisation have brought new challenges for data protection. With social networking sites, cloud computing, location based services and smart cards, we leave digital traces with every move we make. In this brave new data world we need a robust set of rules. The EU s data protection reform will make sure our rules are future-proof and fit for the digital age. 14

HPS Hermes Preservation Services. Offers preservation and archiving HAN Hermes Ares Nomcom HERMES Official documents central repository. Implements business rules of edomec (compliance with EC rules & Moreq2) NomCom Web service that provides filing plan services HERMES HRS Hermes Repository services. Offers web services to apps that delegate document management to HERMES or need access to central repository ARES Web user interface. Provides user access to Hermes repository & document management operations 15

HAN Hermes Ares Nomcom HERMES 16

Creating, Registering and Filing documents in ARES Life Cycle Status Saved Saved Filed Saved Filed E-sign Saved Filed E-sign Versionning Registered Filed E-sign Versionning Registered Filed E-sign Versionning Attribution Saved Filed E-sign Version Register Send Attribution I see Doc+attach Doc+attach Doc+attach E-sign Comments Doc+attach + version E-sign Comments Doc+attach No version E-sign Comments Assign Doc+attach Comments No version E-sign Comments I am 17 Creator File Reader Creator Creator E-sign Actors File Reader Creator E-sign Actors File Reader Creator File Reader E-sign Senders - Recipients DG-A DG-B DG-C Creator File Reader Assignment Actors DG-A DG-D DG-R E-sign Sen/Rec

Security in ARES File access rights Stakeholders Markings Recipients 18

Document without marking STAKEHOLDER DOSSIER File reader Author Workflow participants Senders Addressees Registered document Document avec marking STAKEHOLDER DOSSIER File reader Author Workflow participants Senders Addressees MARKING Group Registered document 19

Interoperability: Hermes Repository Services (HRS) Different DGs have applications that need to access the Hermes common repository: i.e. RDIS (DG AGRI) HRS exposes synchronous services allowing applications to communicate with the Hermes repository HRS is an intermediate layer between applications and Hermes repository guarantying common rules and procedures for document management are respected. HRS is an interface to applications as Ares is for end-users; however, HRS scope is limited and it is not intended that HRS covers all functionalities offered by Ares (i.e. administration operations) 20

EC IT Rationalisation New IT corporate governance structure with more involvement of business Streamline business processes Reuse IT systems Communications of 10-2010, 11-2011 Reduce costs IT Rationalisation @EC A new «differentiated IT Strategy» taking into account value, risk and cost economies of scale. IT rationalisation (absorb, integrate, do nothing, best practices) 8 first domains started (Doc.mgmt; HR; SPP; Comm; Finance, assets & grants mgmt; legislation lifecycle) 21

Rationalisation One of the first priority domains, has big potential for rationalisation Roadmap: Re-use HAN through integration Avoid duplication of records management in local systems Absorb business processes into ARES and decommission local systems Ensure scalability & performance Options: absorptions (1 st completed in 10-2011) integrations 22

HAN-HRS-HPS Architecture Overview RDIS SFC2007 AppN HPS 1 HRS EDOMEC Rules Layer Hermes Repository 23

ARES NomCom Apps Apps ESB HERMES Filing Scan Documentum Central Document Repository Register Archival Store Search Common Entity Mgmt Hermes Repository Services Security Workflow Mgmt 24

HAN Building blocks Deployment SFC2007 iflow N UI WEB:ARES JAVA 1.6, Spring, WEBLOGIC 10.0 UI WEB:NomCom JAVA 1.6, ExtJS, WEBLOGIC 10.0 UI WEB:HPS1 JAVA 1.6, ExtJS, WEBLOGIC 10.0 WSs:HRS WS-I 1.1 compliant JAX-WS, JAVA 1.6 WEBLOGIC 10.3 Service layer: HERMES JAVA 1.6,WEBLOGIC 10.0 DOCUMENTUM 6.6 ORACLE 10g File stores 25

Today s HAN Usage 26 Metric ARES users/day ARES users Records created Documents created Workflows Tasks Value >10 K >40 K >2.2 M (150 K/month) >3.4 M (250 K/month) > 2 M > 10 M HAN: EC + Executive Agencies + EEAS ARES use Web service integration 3rd (after email & HR) > 40 systems

HAN. Current functionality Storage & registration (scan, PDF, OCR, metadata & content indexation, stamping) Workflow Search Filing Plan mgmt & filing Preservation services Customisable security, audit trails Reporting Administration tools Outlook integration Organisational data integration HAN HPS Next HAN HPS October 2011. Hermes Preservation services added. Tools to manage retention period for closed files HAN. Tomorrow Complete document lifecycle (preservation, sampling & selection, destruction, historial archives & opening to the public) Extend scalability, external access, workflow, security 27

Preservation & Archiving We receive and draw up documents We register the most «meaningful» Document Registration Filing Document Files We file documents in consistent files, to understand the context of their creation, and to know what s going on Retention We close files when the «question is solved» We keep them to trace our actions Transfer or Sampling/ selection or Elimination When they re no longer of administrative usefulness We decide of their fate 28

Preservation & Archiving Scope and strategy HPS II & III will have to cover the preservation of all Commission s archives and facilitate their opening to the public, independently of format and source The OAIS (Open Archival Information System) is chosen as the model to describe the preservation functionalities to be covered in phases II and III because it: is a recognized international standard for the exchange of archives which need long term preservation, covering everything in terms of content (edomec, non-edomec, paper, electronic,...); enables phasing takes into account the main elements to organise solid digital preservation; offers a framework of actions to be taken for ensuring a long life of our digital files and their metadata. 29

Preservation & Archiving Archival policy EC internal policy aims: to put in place the legal framework, strategies and procedures that allow the Commission to manage its archives and to open them to the public after thirty years. Strategy with regard to archives as well as external co-operation and coordination. Externally, the Commission's archival policy aims: to promote cooperation on archives with and between the member states as well as with the other EU institutions and international archival bodies. By co-chairing and providing the secretariat of the European Archives Group which is comprised of high level experts from all the Member States and the European institutions; maintains close relations with the DLM Forum and is represented on the MoReq Governance Board; works together with the other EU institutions in the inter-institutional working group on archives. 30

Preservation & Archiving Approach and key elements taken into account Due to security considerations, a separate IT environment and application will be required for electronic Commission archives that are open to the public Very broad scope iterative approach to be able to focus on a narrow, precise set of goals Priority for the ingestion of HERMES content (as there is a stable process in place for non-electronic content based on Archis) Transfer of electronic content to HAS must be solved for: Adonis Systems with files attached to NomCom Systems with no files attached to NomCom Parallel subprojects for Historical Archives Management System (HAMS) development, integration of source systems and migration of the Archis content 31

Preservation & Archiving List of EC rules and main (not all) standards to comply with EC rules on document management Archival description standards Archival metadata standards ISAD (G): General International Standard Archival Description http://www.ica.org/10207/standards/isadg-general-international-standard-archival-description-secondedition.html ISAAR (CPF): International Standard Archival Authority Record for Corporate Bodies, Persons and Families http://www.ica.org/10203/standards/isaar-cpf-international-standard-archival-authority-record-forcorporate-bodies-persons-and-families-2nd-edition.html ISDF: International Standard for Describing Functions http://www.ica.org/10208/standards/isdf-international-standard-for-describing-functions.html OAIS: Reference Model for an Open Archival Information System http://public.ccsds.org/publications/archive/650x0b1.pdf MoReq2010: Modular Requirements for Records Systems http://moreq2010.eu/pdf/moreq2010_vol1_v1_1_en.pdf 32

Preservation & Archiving OAIS as preservation description model 33

Preservation & Archiving European Commission Historical Archives Remembering the past, to build a better future 34

35 Policy Preservation & Archiving

36