CMS IT - Requirements For Electronic Storage



Similar documents
Section 28.1 Purpose. Section 28.2 Background. DOT Order Records Management. CIOP Chapter RECORDS MANAGEMENT

This policy is not designed to use systems backup for the following purposes:

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

BPA Policy Information Governance & Lifecycle Management

September 15, 2014 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES AND INDEPENDENT AGENCIES

Identify and Protect Your Vital Records

Office of IT Planning, Architecture, and E-Government Office of the Chief Information Officer

PRIVACY IMPACT ASSESSMENT

Encryption Security Standard

DEPARTMENT OF THE NAVY RECORDS MANAGEMENT PROGRAM

Department of Defense INSTRUCTION

DIA Records Management Program

INFORMATION MANAGEMENT

5 FAM 440 ELECTRONIC RECORDS, FACSIMILE RECORDS, AND ELECTRONIC MAIL RECORDS

Transmittal Memo. SUBJECT: AGENCY POLICY 801 Capstone Records Management Policy

CMS Operational Policy for Infrastructure Router Security

CMS Operational Policy for Separation of Duties for System Security Administration and Auditing

BACKUP POLICY Date: 04/12/2009

College of Agriculture and Life Sciences Guidelines

CMS Policy for Configuration Management

Information Security Program Management Standard

METRO REGIONAL GOVERNMENT Records Retention Schedule

5 FAM 400 RECORDS MANAGEMENT

ensure compliance with applicable statutes, regulations, and rules regarding data retention and management;

Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No , November 17, 2000

ARTICLE 10. INFORMATION TECHNOLOGY

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

Agenda. Overview Configuring the database for basic Backup and Recovery Backing up your database Restore and Recovery Operations Managing your backups

Why should the CSU have a records/information retention and disposition policy?

September Tsawwassen First Nation Policy for Records and Information Management

OFFICE OF CHIEF COUNSEL OPERATION R.E.D. GUIDANCE

BPA Policy Systems User Policies

Department of Homeland Security Management Directives System MD Number: Issue Date: 03/01/2003 DHS USAGE

Records Management Policy. EPA Classification No.: CIO CIO Approval Date: 02/10/2015. CIO Transmittal No.: Review Date: 02/10/2018

Document Management Plan Preparation Guidelines

Name of System/Application: Customer Relationship Management (CRM) Program Office: Office of the Chief Information Officer (CIO)

Computer System Retirement Guidelines

POLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL ( ) SYSTEMS

Computer Security Policy (Interim)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

RUTGERS POLICY. Approval Authority: Executive Vice President for Academic Affairs and Senior Vice President for Administration

Records Management. Training 101

2.1 To define the backup strategy for systems and data within the Cape Winelands District Municipality (CWDM).

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

BUDGET LETTER PEER-TO-PEER FILE SHARING , , EXECUTIVE ORDER S-16-04

FARMINGTON PUBLIC SCHOOLS 2410

CENTER FOR NUCLEAR WASTE REGULATORY ANALYSES

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

PBGC-10: Administrative Appeals File

4) Suspension of Record Disposal In Event of Litigation or Claims

Information Resources Security Guidelines

BACKUP AND CONTIGENCY PLANS (DISASTER RECOVERY)

0'is not required D is attached; or D has been requested.

University of Louisiana System

State HIPAA Security Policy State of Connecticut

Department of Defense INSTRUCTION

Connecticut Sports Foundation, Inc. (CSF) RECORD RETENTION AND DESTRUCTION POLICY

University of Wisconsin-Madison Policy and Procedure

Our Kids Information Technology Department IT Backup and Restore Procedure

Administration Department. {Insert Name of Organization} Operating Policy Record Retention and Destruction

HIPAA Security. assistance with implementation of the. security standards. This series aims to

Local Area Networking

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

NOTICE: This publication is available at:

CMS Operational Policy for Data Access Management

POLICY STATEMENT Commonwealth of Pennsylvania Department of Corrections

Recovering Microsoft Exchange Server Data

Department of the Interior Privacy Impact Assessment Template

Acronis Backup & Recovery 11

Electronic Record Management Guidelines for Arkansas State Government. Developed by the Arkansas Records Retention Workgroup

Security Framework Information Security Management System

Department of the Interior Privacy Impact Assessment Template

Acronis Backup & Recovery 10 Server for Windows. Workstation. Quick Start Guide

Document Management or Records Management Systems - Which Will Best Help You Satisfy Your Enterprise Information Asset Management Requirements?

Preservation and Production of Electronic Records

NCI-Frederick Safety and Environmental Compliance Manual 03/2013

U.S. Department of Energy Washington, D.C.

Records Management Electronic Records and Electronic Discovery

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

ELECTRONIC SIGNATURES AND MANAGEMENT OF ELECTRONICALLY SIGNED RECORDS

Electronic Records Management in the City of Philadelphia

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:

Accelerating HIPAA Compliance with EMC Healthcare Solutions

How To Backup An Rssql Database With A Backup And Maintenance Wizard

PRIVACY IMPACT ASSESSMENT TEMPLATE

EPA Classification No.: CIO P-09.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: Review Date: 08/06/2015

WHITE PAPER ONTRACK POWERCONTROLS. Recovering Microsoft Exchange Server Data

Basic Records Management Practices for Saskatchewan Government*

Subject: Information Technology Configuration Management Manual

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

Revision Date: October 16, 2014 Effective Date: March 1, Approved by: BOR Approved on date: October 16, 2014

To: NATIONAL ARCHIVES & RECORDS ADMINISTRATION Date received 8601 ADELPHI ROAD COLLEGE PARK, MD /lfitJZ

Electronic Records Management Guidelines

efolder White Paper: Dedicated File Backup vs. File Sync Backup: 5 Questions MSPs Should Ask to Determine the Best Backup Solution for Their Clients

Frequently Asked Questions (FAQs) about GRS 3.1, General Technology Management Records

STATE OF WYOMING Electronic Mail Policy

Transcription:

Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS Operational Policy for Disk Space Storage Management August 2004 Document Number: CMS-CIO-POL-INF02-01

TABLE OF CONTENTS 1. PURPOSE...1 2. BACKGROUND...1 3. SCOPE...2 4. OPERATIONAL POLICY...2 4.A. ACCEPTABLE STORAGE MATERIAL... 2 4.B. STORAGE LIMITATIONS... 2 4.C. STORAGE RETENTION... 3 4.D. BACKUP AND RECOVERY... 3 5. ROLES AND RESPONSIBILITIES...4 5.A. USERS... 4 5.B. CMS COMPONENTS... 4 5.C. OFFICE OF INFORMATION SERVICES (OIS)/ TECHNOLOGY MANAGEMENT GROUP (TMG)... 5 5.D. IT INFRASTRUCTURE IMPLEMENTATION AGENT OR CONTRACTOR... 5 6. APPLICABLE LAWS/GUIDANCE...5 7. EFFECTIVE DATES...5 8. INFORMATION AND ASSISTANCE...6 9. APPROVED...6 10. ATTACHMENTS...6 i

1. PURPOSE This document establishes an operational policy for end-user disk space storage management in the office automation environment at the Centers for Medicare & Medicaid Services (CMS). 2. BACKGROUND Electronic disk space storage is a critical element within CMS IT infrastructure, which is essential to supporting the accomplishment of CMS mission. This vital resource is utilized daily by CMS network users to store and to share documents, information, data, files, and Agency records electronically. Electronic disk space storage is, however, a limited resource within CMS IT infrastructure, which must be managed in order to ensure that the resource is available to all users when it is needed. The Federal Records Act of 1950, as amended, requires all Federal agencies to make and preserve records that document their organization, function, policies, decisions, procedures, and essential transactions. Records are broadly defined by statute and regulation to include all recorded information, regardless of medium or format, and therefore include files that are stored electronically. As required by law (36 CFR 1228.50), Federal agency records may not be destroyed without prior approval from the Archivist of the United States. This approval authority is provided in the form of the National Archives and Records Administration (NARA) General Record Schedules and the CMS Records Schedule. These schedules define Agency records and provide instructions for their retention, transfer, retirement, or destruction. Only a litigation-related directive can override the retention time frames set forth in these Schedules. All CMS employees are responsible for ensuring that Agency record retention/disposition actions agree with these Schedules, which includes the appropriate retention/disposition of all documents, information, data, and files that are stored on or removed from network disk space storage. The following are the primary network drives that provide users with access to CMS available disk space for electronic storage: HOME Drive The HOME drive contains directories that are dedicated to individual CMS users. A user s HOME drive is a private storage location on the network where only the individual user has been granted access. The purpose of the HOME directory is to provide users with storage space for files for which only they have access. A user s HOME directory is not shared with other users. On the CMS network, an individual s HOME drive is also known as the F: drive. SHARE Drive The SHARE drive contains directories that are dedicated to various CMS business components. The SHARE drive is a shared storage location for users within a CMS component, for which only users within that component can access the files. On the CMS network, a component s SHARE drive is also known as the G: drive. 1

GLOBAL Drive The GLOBAL drive is a general access location. All CMS business components have access to this drive for file storage. The purpose of the GLOBAL drive is to facilitate file sharing between components. On the CMS network, the GLOBAL drive includes the H:, I:, and N: drives. Users are encouraged to store all data on network storage (HOME, SHARE, and GLOBAL drives). All data residing on network storage are regularly backed up, and as a result, can be recovered if necessary within established timeframes. Local disk storage on individual workstations (i.e., A:, C:, and D: drives) are not backed up, and thus, data will be lost if the workstation s local disk fails. The CMS network also houses the APPS drive, which provides access to shared applications. On the CMS network, the APPS drive includes the U:, W:, X:, Y:, and Z: drives. Users do not have direct access to the APPS drive for electronic storage, and thus must obtain assistance from the CMS IT Service Desk when electronic storage on the APPS drive is necessary. 3. SCOPE This operational policy applies to all users of CMS IT infrastructure, including contractors or other business partners, where IT infrastructure is provided by the Office of Information Services (OIS). 4. OPERATIONAL POLICY 4.A. Acceptable Storage Material All business-related material is acceptable for storage on the CMS network storage drives. Users are prohibited from downloading and storing unauthorized and/or unlicensed, copyrighted material (e.g., music, art, literature, or software), whether the files are stored on the network servers, desktop workstation, or on removable media such as diskettes. Users are prohibited from storing application software and/or copies of CD-ROMs on the HOME, SHARE, or GLOBAL drives. In order to have an application installed on the APPS drive, users are to call the CMS IT Service Desk for assistance. 4.B. Storage Limitations The following defines limitations for disk space storage on the primary CMS network drives: HOME Drive: Users will be assigned a limit of 250 MB of storage for their personal directory on the HOME drive. When a HOME drive is within 10MB of the limit, a warning message will be displayed on the user s computer screen. The warning message 2

is a reminder to review the files stored on the HOME drive and remove any files that are no longer needed in order to free up storage space. NOTE: Exceptions to the HOME drive storage limit will be considered if alternate solutions (e.g., storing data on off-line media) will not suffice, and a sufficient, business-related justification is provided. SHARE Drive: CMS business components will be assigned a limit for the amount of storage allocated to their SHARE drive. GLOBAL Drive: There is no space limit assigned to the GLOBAL drive. APPS Drive: There is no space limit assigned to the APPS drive. 4.C. Storage Retention The following defines the amount of time that files can remain on CMS network disk space storage while not being accessed: HOME Drive: There is no retention limit assigned to the HOME drive. SHARE Drive: There is no retention limit assigned to the SHARE drive. GLOBAL Drive: Files on the GLOBAL drive that have not been accessed within two (2) years will be deleted from the GLOBAL drive and no longer accessible unless the user takes appropriate action for alternative storage prior to the deletion. APPS Drive: There is no retention limit assigned to the APPS drive. Users are required to ensure that the retention/disposition of all electronic material stored on or removed from CMS network disk space storage is managed in accordance with the CMS Records Schedule and the NARA General Record Schedules. This includes ensuring appropriate retention/disposition of all electronic material that is slated for deletion from the GLOBAL drive, if not accessed within the allotted two-year timeframe. 4.D. Backup and Recovery All material stored on the CMS network drives is regularly backed up for possible recovery in the event of a loss. Material stored on local disk storage on an individual workstation is not backed up, and is thus unrecoverable in the event of a loss. In order to obtain files that have been removed from HOME, SHARE, GLOBAL, or APPS drives, users are to call the CMS IT Service Desk for assistance. If a file is deleted (whether by mistake or is found, after the fact, to be needed), it may be restored from a network backup, provided that the restore request is initiated within three (3) 3

weeks of the deletion. After the three-week recovery period is passed, any deleted file will no longer be recoverable. 5. ROLES AND RESPONSIBILITIES The following entities have responsibilities related to the implementation of this operational policy: 5.A. Users The Users of CMS network disk space storage are responsible for the following activities: Adhering to the operational policy set forth in this document for what material is acceptable for electronic storage at CMS; Managing the files stored on the User s HOME drive so as to remain within the space that has been allocated to the User; Requesting an exception, if needed, to the standard HOME drive storage space limit in accordance with the appropriate procedures (see Attachment Section below); Managing the use of disk space storage resources to ensure that material that is no longer needed is removed from HOME, SHARE, and GLOBAL storage; Ensuring that the retention/disposition of electronic material stored on or removed from CMS network disk space storage is managed in accordance with the NARA General Record Schedules and the CMS Records Schedules; and Ensuring that electronic records that are removed from HOME, SHARE, and GLOBAL disk space storage are not destroyed without an appropriate disposition authority, which can be obtained through the CMS Records Officer located in the Office of Strategic Operations and Regulatory Affairs (OSORA). 5.B. CMS Components The individual CMS Components are responsible for the following activities: Managing the files stored on the Component s SHARE drive so as to remain within the space that has been allocated to the Component; and Requesting an exception, if needed, to the SHARE drive storage space limit allocated to the CMS Component in accordance with the appropriate procedures (see Attachment Section below). Managing the use of disk space storage resources to ensure that material that is no longer needed is removed from SHARE storage; Ensuring that the retention/disposition of electronic material stored on or removed from SHARE storage is managed in accordance with the NARA General Record Schedules and the CMS Records Schedules; and Ensuring that electronic records that are removed from SHARE storage are not destroyed without an appropriate disposition authority, which can be obtained through the CMS 4

Records Officer located in the Office of Strategic Operations and Regulatory Affairs (OSORA). 5.C. Office of Information Services (OIS)/ Technology Management Group (TMG) The OIS/TMG is responsible for the following activities: Developing and implementing procedures to ensure compliance with the operational policy established in Section 4 above (see Attachment Section below); Managing the storage limits assigned to individual Users and CMS Components; Approving/disapproving requests for exceptions to the established HOME and SHARE drive storage space limits; and Overseeing CMS IT Infrastructure Implementation Agent or Contractor s execution of their role in fulfilling this policy. 5.D. IT Infrastructure Implementation Agent or Contractor CMS IT Infrastructure Implementation Agent or Contractor is responsible for the following activities: Managing the CMS network disk space storage drives, including maintaining backups of stored materials and the retention/disposition of files, in accordance with this operational policy; and Restoring deleted files from network backups, if requested within a three-week period from the time of deletion. 6. APPLICABLE LAWS/GUIDANCE The following laws and guidance are applicable to this operational policy: Federal Records Act of 1950, as amended (44 U.S.C. 3101 et seq.) Federal Guidelines on Records Management (36 CFR 1220 through 1236 Chapter XII- National Archives and Records Administration) National Archives and Records Administration (NARA) General Record Schedules CMS Records Schedule 7. EFFECTIVE DATES This operational policy becomes effective on the date that CMS Chief Information Officer (CIO) signs it and remains in effect until officially superseded or cancelled by the CIO. 5

8. INFORMATION AND ASSISTANCE Contact the Director of the Technology Management Group (TMG) within the Office of Information Services (OIS) for further information regarding this operational policy. 9. APPROVED /s/ 8/24/04 Timothy P. Love Chief Information Officer Date of Issuance 10. ATTACHMENTS Procedure: Request for Exception to Network Drive Storage Limits 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information