European Commission s Document Management (Policy, IT, Security & Privacy) by Natalia Aristimuño-Pérez EC.DIGIT.B1

European Commission s Document Management (Policy, IT, Security & Privacy) by Natalia Aristimuño-Pérez EC.DIGIT.B1 1

2 Policy Preservation & Archiving

Electronic archiving & of the EC Managing important EC documents in order to be more Productive (good administrative behaviour) Transparent; Accountable; Preserve the institution s memory; data protection; compliance with internal control standards. Started in 2002 Parallel modernisation of document management policy and of the supporting information systems 3

Legal basis for edomec: Commission Decision 2002/47 on document management Commission Decision 2004/563 on electronic and digitised documents Document SEC(2009)1643 on the Implementing rules for the above two decisions Document SEC(2003)903/1 updated in 26/02/2007 with the Common nomenclature including the three first levels of the Institution's filing plan and by the document SEC(2007)970 with the Common Retention List (CRL) for European Commission files 4

SEC(2009)1643 How to manage documents during their «lifecycle»: Chapter II.2 registration SEC(2003)349/1 Chapter II.3 filing : files and filing plan Chapter II.4 preservation: conditions, retention list SEC (2007/970) Chapter II.5 transfer of the files (paper and electronic) to the Historical archives Chapter III electronic documents 5

Organisation of document management in the Commission, the EAs and the EEAS Decision 2002/47, annex, art. 9 & 10 e-domec Steering committee decides of the document SG B2 management defines the doc. rules man. rules Works out functional requirements for DM tools DIGIT develops corporate tools Each Directorate General DG s units IRM IT resource manager DPC data protection controller (decision 2002/47) DMO document management officer CAD Document management centre Specific organisation within each DG registration allocation mail distribution management of current archives and files 6 DPO DPS Data protection officer Data (Commission s level) prot supervisor (interinstitutional) HISTORICAL ARCHIVES Historical archives own organisation

This image cannot currently be displayed. Policy Users' awareness; 7

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Definitions Document: any content drawn up or received by the Commission concerning a matter relating to the policies, activities and decisions falling within the institution's competence and in the framework of its official tasks, in whatever medium (written on paper or stored in electronic form or as a sound, visual or audio-visual recording). File: the core around which the documents are organised in line with the institution's activities, for reasons of proof, justification or information and to guarantee efficiency in the work. 8

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Registration As soon as a document is received or formally drawn up ( ) it shall be analysed with a view to determining what is to be done with it and thus whether or not it must be registered. (Decision 2002/47, annex, art. 4) 9

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Filing Every registered document must be filed; you can also file non registered documents. For the same issue, you can have several «work files», but you must have only one «official file». A document may be filed into several files. Every file must be linked to a terminal heading (and only one) of the Filing Plan. A file has a beginning and an end >> 10

Lifecycle of a document Production or Reception > Registration > Filing > Preservation > Archives or Elimination Retention and archiving All official files must be closed The file must be closed once all the actions triggered by the case are over and when no more documents in the file need to be added to or amended Closed files are transferred to intermediate archives store: a suitable archiving location either within the unit or in the central archives of the DG The administrative retention period (ARP) as prescribed by the Common Retention List (CRL) runs from the date of closure 11

Check that the file is complete e-domec: Chef de file Closure procedure Analyse the documents in the file: Add missing documents (register, list, save, etc.) Weed the file removing any documents that are no longer needed e.g. (background information, and un-official or obsolete working documents) Destroy working files Review any classified documents and declassify them if appropriate Is the file no longer needed for administrative purposes? Close the electronic file Close the accompanying paper file Organise transfer to intermediate archives storage (consult your DMO for DG specific procedures) 12

The Common Retention List (CRL) Gives a list of File categories - 12 main categories with further sub categories Provides a description of the types of files likely to be found under each category and likely contents of such files Prescribes an Administrative Retention Period (ARP) for each file category ARP: (number of years the file should be kept from date of closure) Gives the Action to be taken at the end of the ARP: Transfer to the Historical Archives (HAT) Sampling/Selection (SAM/SEL) Destruction (EL) For files to be transferred to the Historical Archives: Permanent retention (PR) Second appraisal (2nd APP) The Chef de file is noted for future preservation and access decisions 13

Privacy The EU s 1995 Data Protection Directive set a milestone in the history of personal data protection. Its basic principles, ensuring a functioning internal market and an effective protection of the fundamental right of individuals to data protection, are as valid today as they were 17 years ago. But differences in the way that each EU country implements the law have led to an uneven level of protection for personal data, depending on where an individual lives or buys goods and services. The current rules also need to be modernised - they were introduced when the Internet was still in its infancy. Rapid technological developments and globalisation have brought new challenges for data protection. With social networking sites, cloud computing, location based services and smart cards, we leave digital traces with every move we make. In this brave new data world we need a robust set of rules. The EU s data protection reform will make sure our rules are future-proof and fit for the digital age. 14

HPS Hermes Preservation Services. Offers preservation and archiving HAN Hermes Ares Nomcom HERMES Official documents central repository. Implements business rules of edomec (compliance with EC rules & Moreq2) NomCom Web service that provides filing plan services HERMES HRS Hermes Repository services. Offers web services to apps that delegate document management to HERMES or need access to central repository ARES Web user interface. Provides user access to Hermes repository & document management operations 15

HAN Hermes Ares Nomcom HERMES 16

Creating, Registering and Filing documents in ARES Life Cycle Status Saved Saved Filed Saved Filed E-sign Saved Filed E-sign Versionning Registered Filed E-sign Versionning Registered Filed E-sign Versionning Attribution Saved Filed E-sign Version Register Send Attribution I see Doc+attach Doc+attach Doc+attach E-sign Comments Doc+attach + version E-sign Comments Doc+attach No version E-sign Comments Assign Doc+attach Comments No version E-sign Comments I am 17 Creator File Reader Creator Creator E-sign Actors File Reader Creator E-sign Actors File Reader Creator File Reader E-sign Senders - Recipients DG-A DG-B DG-C Creator File Reader Assignment Actors DG-A DG-D DG-R E-sign Sen/Rec

Security in ARES File access rights Stakeholders Markings Recipients 18

Document without marking STAKEHOLDER DOSSIER File reader Author Workflow participants Senders Addressees Registered document Document avec marking STAKEHOLDER DOSSIER File reader Author Workflow participants Senders Addressees MARKING Group Registered document 19

Interoperability: Hermes Repository Services (HRS) Different DGs have applications that need to access the Hermes common repository: i.e. RDIS (DG AGRI) HRS exposes synchronous services allowing applications to communicate with the Hermes repository HRS is an intermediate layer between applications and Hermes repository guarantying common rules and procedures for document management are respected. HRS is an interface to applications as Ares is for end-users; however, HRS scope is limited and it is not intended that HRS covers all functionalities offered by Ares (i.e. administration operations) 20

EC IT Rationalisation New IT corporate governance structure with more involvement of business Streamline business processes Reuse IT systems Communications of 10-2010, 11-2011 Reduce costs IT Rationalisation @EC A new «differentiated IT Strategy» taking into account value, risk and cost economies of scale. IT rationalisation (absorb, integrate, do nothing, best practices) 8 first domains started (Doc.mgmt; HR; SPP; Comm; Finance, assets & grants mgmt; legislation lifecycle) 21

Rationalisation One of the first priority domains, has big potential for rationalisation Roadmap: Re-use HAN through integration Avoid duplication of records management in local systems Absorb business processes into ARES and decommission local systems Ensure scalability & performance Options: absorptions (1 st completed in 10-2011) integrations 22

HAN-HRS-HPS Architecture Overview RDIS SFC2007 AppN HPS 1 HRS EDOMEC Rules Layer Hermes Repository 23

ARES NomCom Apps Apps ESB HERMES Filing Scan Documentum Central Document Repository Register Archival Store Search Common Entity Mgmt Hermes Repository Services Security Workflow Mgmt 24

HAN Building blocks Deployment SFC2007 iflow N UI WEB:ARES JAVA 1.6, Spring, WEBLOGIC 10.0 UI WEB:NomCom JAVA 1.6, ExtJS, WEBLOGIC 10.0 UI WEB:HPS1 JAVA 1.6, ExtJS, WEBLOGIC 10.0 WSs:HRS WS-I 1.1 compliant JAX-WS, JAVA 1.6 WEBLOGIC 10.3 Service layer: HERMES JAVA 1.6,WEBLOGIC 10.0 DOCUMENTUM 6.6 ORACLE 10g File stores 25

Today s HAN Usage 26 Metric ARES users/day ARES users Records created Documents created Workflows Tasks Value >10 K >40 K >2.2 M (150 K/month) >3.4 M (250 K/month) > 2 M > 10 M HAN: EC + Executive Agencies + EEAS ARES use Web service integration 3rd (after email & HR) > 40 systems

HAN. Current functionality Storage & registration (scan, PDF, OCR, metadata & content indexation, stamping) Workflow Search Filing Plan mgmt & filing Preservation services Customisable security, audit trails Reporting Administration tools Outlook integration Organisational data integration HAN HPS Next HAN HPS October 2011. Hermes Preservation services added. Tools to manage retention period for closed files HAN. Tomorrow Complete document lifecycle (preservation, sampling & selection, destruction, historial archives & opening to the public) Extend scalability, external access, workflow, security 27

Preservation & Archiving We receive and draw up documents We register the most «meaningful» Document Registration Filing Document Files We file documents in consistent files, to understand the context of their creation, and to know what s going on Retention We close files when the «question is solved» We keep them to trace our actions Transfer or Sampling/ selection or Elimination When they re no longer of administrative usefulness We decide of their fate 28

Preservation & Archiving Scope and strategy HPS II & III will have to cover the preservation of all Commission s archives and facilitate their opening to the public, independently of format and source The OAIS (Open Archival Information System) is chosen as the model to describe the preservation functionalities to be covered in phases II and III because it: is a recognized international standard for the exchange of archives which need long term preservation, covering everything in terms of content (edomec, non-edomec, paper, electronic,...); enables phasing takes into account the main elements to organise solid digital preservation; offers a framework of actions to be taken for ensuring a long life of our digital files and their metadata. 29

Preservation & Archiving Archival policy EC internal policy aims: to put in place the legal framework, strategies and procedures that allow the Commission to manage its archives and to open them to the public after thirty years. Strategy with regard to archives as well as external co-operation and coordination. Externally, the Commission's archival policy aims: to promote cooperation on archives with and between the member states as well as with the other EU institutions and international archival bodies. By co-chairing and providing the secretariat of the European Archives Group which is comprised of high level experts from all the Member States and the European institutions; maintains close relations with the DLM Forum and is represented on the MoReq Governance Board; works together with the other EU institutions in the inter-institutional working group on archives. 30

Preservation & Archiving Approach and key elements taken into account Due to security considerations, a separate IT environment and application will be required for electronic Commission archives that are open to the public Very broad scope iterative approach to be able to focus on a narrow, precise set of goals Priority for the ingestion of HERMES content (as there is a stable process in place for non-electronic content based on Archis) Transfer of electronic content to HAS must be solved for: Adonis Systems with files attached to NomCom Systems with no files attached to NomCom Parallel subprojects for Historical Archives Management System (HAMS) development, integration of source systems and migration of the Archis content 31

Preservation & Archiving List of EC rules and main (not all) standards to comply with EC rules on document management Archival description standards Archival metadata standards ISAD (G): General International Standard Archival Description http://www.ica.org/10207/standards/isadg-general-international-standard-archival-description-secondedition.html ISAAR (CPF): International Standard Archival Authority Record for Corporate Bodies, Persons and Families http://www.ica.org/10203/standards/isaar-cpf-international-standard-archival-authority-record-forcorporate-bodies-persons-and-families-2nd-edition.html ISDF: International Standard for Describing Functions http://www.ica.org/10208/standards/isdf-international-standard-for-describing-functions.html OAIS: Reference Model for an Open Archival Information System http://public.ccsds.org/publications/archive/650x0b1.pdf MoReq2010: Modular Requirements for Records Systems http://moreq2010.eu/pdf/moreq2010_vol1_v1_1_en.pdf 32

Preservation & Archiving OAIS as preservation description model 33

Preservation & Archiving European Commission Historical Archives Remembering the past, to build a better future 34

35 Policy Preservation & Archiving

36