RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES



Similar documents
Administrative Procedures Memorandum A2005

4.10 Information Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy

BOARD POLICY POLICY TITLE. Records and Information Management 1.0 PURPOSE

How To Ensure Health Information Is Protected

Strategy for Management in Canadian Jurisdictions

Polices and Procedures

Council Policy. Records & Information Management

Interagency Science Working Group. National Archives and Records Administration

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT. Key Concepts Defined. Key Concepts Defined 4/30/2015

Document Management in the FIPPA Era

YORK REGION DISTRICT SCHOOL BOARD. Policy and Procedure #160.0 Records and Information Management

Cloud Service Contracts: An Issue of Trust

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Information Management

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs

Chapter WAC PRESERVATION OF ELECTRONIC PUBLIC RECORDS

Information Security Classification

Corporate Policy and Procedure

September Tsawwassen First Nation Policy for Records and Information Management

1. Each employee is responsible for managing college records in a responsible and professional manner.

City of Minneapolis Policy for Enterprise Information Management

Records Management Plan. April 2015

Corporate Records Management Policy

Generally Accepted Recordkeeping Principles

RECORDS MANAGEMENT LAWS

Union County. Electronic Records and Document Imaging Policy

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Generally Accepted Recordkeeping Principles How Does Your Program Measure Up?

BPA Policy Information Governance & Lifecycle Management

Business Process Design As-Is and To-Be Checklists Introduction

Information Management and Protection Policy

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

INFORMATION AND DOCUMENTATION RECORDS MANAGEMENT PART 1: GENERAL IRISH STANDARD I.S. ISO :2004. Price Code

Life Cycle of Records

Records Management - Department of Health

Digital Continuity Plan

Managing Shared Electronic Workspace

Quality Management. Retention of Project Documentation. Guidelines. Association of Professional Engineers and Geoscientists of British Columbia

OFFICIAL. NCC Records Management and Disposal Policy

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

PROCEDURE. The permission rights assigned to allow data custodians to view, copy, enter, download, update or query data.

Privacy and Security Framework, February 2010

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

Rackspace Archiving Compliance Overview

UNIVERSITY OF NAIROBI POLICY ON RECORDS MANAGEMENT

Digital Records Preservation Procedure No.: 6701 PR2

CORPORATE RECORDS MANAGEMENT POLICY

Management of Official Records in a Business System

MALAYSIAN STANDARD INFORMATION AND DOCUMENTATION - RECORDS MANAGEMENT - PART 1: GENERAL (ISO :2001, IDT)

CORK INSTITUTE OF TECHNOLOGY

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Technical Competency Framework for Information Management (IM)

Electronic Records Management

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

Retention & Disposition in the Cloud Do you really have control?

UNIVERSITY OF MANITOBA PROCEDURE

IT Forum UW-Madison Records Management Program. UW Archives and Records Management

Certified Information Professional 2016 Update Outline

Brian Beamish. Commissioner (Acting) Ontario Information and Privacy Commission. Cyber Risk National Conference February 9, 2015

Information governance strategy

Records Management Policy.doc

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA

Personal Health Information Privacy Policy

Basic Records Management Practices for Saskatchewan Government*

FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments

How To Manage Records And Information Management In Alberta

The World of Information Governance

Accountable Privacy Management in BC s Public Sector

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):

State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN. January 2010 December 2012 DECEMBER 31, 2009

Cloud Computing: Legal Risks and Best Practices

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12)

Records Management. Training 101

POLICY AND GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC RECORDS INCLUDING ELECTRONIC MAIL ( ) SYSTEMS

Considerations for Outsourcing Records Storage to the Cloud

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

National Statistics Code of Practice Protocol on Data Management, Documentation and Preservation

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

Managing e-records without an EDRMS. Linda Daniels-Lewis Senior IM Consultant Systemscope

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET Data Administration and Management (Public)

Arizona State Library, Archives and Public Records

Strategies for Developing a Document Imaging & Electronic Retention Program

University of Michigan Medical School Data Governance Council Charter

Using ISO as an Audit Tool

Transcription:

PURPOSE Records and information are important strategic assets of an organization and, like other organizational assets (people, capital and technology), must be managed to maximize their value. Information includes records that are important for their content and as evidence of communication, decisions, actions, and history. Effective information management is critical to the operation of schools and school boards/authorities and is a part of every employee s responsibilities. This document sets out an information management framework that is meant to provide a disciplined consistent approach for the management of information assets. Vision The objective of records and information management (RIM) is to achieve efficient and effective records and information management to support program and service delivery; to foster informed decision making; to facilitate accountability, transparency, and collaboration; and to preserve and ensure access to information and records in accordance with the laws of Canada and Ontario and for the benefit of present and future generations. What Is Records and Information Management (RIM)? RIM involves identifying, planning, directing, controlling, and evaluating information assets to meet organizational goals and to deliver programs and services. Records are an important subset of information and they must be managed in a disciplined, consistent, and coordinated manner. RIM helps to establish disciplined, consistent practices related to the planning, creation, capture or collection, organization, use, accessibility, dissemination, storage, protection, and disposition of school board/authority-recorded information assets. Technology is key for effective information management. Why Is RIM Important? Through establishment of an effective RIM program, school boards and authorities will improve programs and services for students, decision making, information sharing, and access to and use of information. Additionally, RIM will support the preservation of corporate memory and organizational history; accountability, public trust and confidence; the management of risks to information, operations and services; and the protection of information-thereby protecting staff and students. Foundation 35

Goals of the RIM Framework Implementing the RIM framework will help ensure that school boards and authorities reach the following goals: Provide timely, relevant, and accurate RIM to support the provision of programs and services that best meet students needs.; Support informed decision-making and policy development, and effective, efficient, and trustworthy program and service delivery; Support transparency and accountability; Support access to and privacy of information in accordance with legislation and policies; Capture and manage records of business decisions and transactions and maintain corporate memory; and Support access to information for legal purposes. The RIM Framework RIM Vision (Goals and Objectives) RIM Principles Accessibility Accountability and Stewardship Risk Management Usability and Quality Control Integration RIM Commitments The Legal Framework RIM Policies RIM Procedures, Guidelines, Standards and Practices (Based on the Government of Alberta Information Management Framework) Foundation 36

Objective of a Records and Information Management Framework 1. To establish a consistent and coordinated approach to RIM by establishing policy, standards, practices, and tools that reflect organizational needs. 2. To adopt a RIM framework that supports organizational goals and objectives and supports student needs. 3. To establish processes that ensure that information is accurate, reliable, trustworthy, and authentic; has a context and is able to serve as evidence; and supports accountability. 4. To build staff awareness and understanding of and commitment to managing information assets and protecting privacy and confidentiality at all levels of the organization. 5. To improve control and security through providing audit trails of document activities, ensuring their use as reliable information assets. 6. To establish an integrated, organization-wide solution for managing electronic information. 7. To develop a staff training strategy and build RIM skills. 8. To develop and implement metadata standards to support the identification, location, and retrieval of information. 9. To develop a strategy for the long-term management (migration) and preservation of information assets. 10. To assess progress in improving the management of information in the organization. RIM PRINCIPLES AND COMMITMENTS Principle 1 - Accessibility Information will be readily available and accessible for as long it is required. a. Information to support evidence of communications, actions, and decisions is routinely recorded and stored. b. Information is accessible to staff who require it in the performance of their duties and are authorized to access it. c. Information is shared across the organization and with social agencies in accordance with operational needs and statutory provisions. d. Information is managed throughout its life cycle regardless of format. e. Rules are established for the organization, storage, retrieval, and destruction of records. f. Plans and practices to actively make records available to the public are in place, and records are available to the public by request, subject to the statutory requirements. Foundation 37

Principle 2 - Accountability and Stewardship Accountability for managing information in the custody and control of the organization is clearly defined, communicated and monitored. a. Accountability for creating a record of business decisions and transactions and for maintaining corporate memory is clearly established and monitored. b. Roles and responsibilities for staff are articulated and understood for all management of information activities. c. Core competencies relating to managing information are identified, and training is provided. d. Performance in managing information is managed and measured. Principle 3 - Risk Management Risks to information are managed and practices and processes are in place to protect information assets. a. Risks to records and information are identified and managed. b. Practices are in place to protect confidential, sensitive, and personal records and information from unauthorized collection, use, disclosure, or destruction. c. All records are managed to meet rules of evidence and legal discovery. d. Contractual arrangements include provisions for the protection and appropriate use of records and information to mitigate risks. e. Records and information are managed to support business continuity and recovery in the event of disaster. f. Records and information are managed to protect privacy and confidentiality. Principle 4 - Usability and Quality Control RIM meets the needs of staff and stakeholders. RIM is timely, accurate, reliable, and relevant, has integrity, and is easy to use. a. Processes are in place to ensure that RIM is accurate, timely, reliable, and easy to use. b. RIM use is planned and managed. c. Records and information are managed appropriately throughout its entire life cycle-creation, capture, and collection; organization; storage, access, and use; and disclosure and disposition (destruction or permanent retention). d. Plans are in place to leverage the value of RIM by combining it with RIM from other internal or external sources, in accordance with statutory provisions, to improve programs and services. Processes and technology supports are in place to ensure appropriate access to records and information and tracking of who has modified or accessed confidential records. Foundation 38

Principle 5 - Planning and Coordination Coordinated planning for RIM is linked to organizational goals, objectives, and financial planning. a. RIM practices are included in all program planning. b. RIM is coordinated across the organization-schools and departments. c. RIM is planned to support continuous service and disaster recovery. d. RIM is integrated into succession plans to ensure the capture and maintenance of corporate history. Principle 6 - Integration The management of records and information is integrated with program planning and other business processes. a. RIM practices are a component of program and project management. b. RIM is integrated across the organization (schools and departments) to support organizational objectives. Legislation, Policies Standards and Practices The context for records and information management for school boards/authorities is provided by legislation, Ministry Policy Program Memoranda, and school board/authority policies and procedures. School boards/authorities should be aware of the following statutes which provide guidance for the collection, use and maintenance of recorded information. The Education Act of Ontario The Education Act is the administrative statute under which all Ontario school boards/authorities must operate. The Act sets out provisions for the creation and maintenance the pupil record (s. 265 (1) and s.266) and for the establishment of a records management program (s.171(38)). The Ontario Evidence Act Sets out how RIM may be used as evidence in legal proceedings in a court of Ontario. The Canada Evidence Act Sets out how RIM may be used as evidence in legal proceedings in a court in a matter under federal jurisdiction. The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) MFIPPA addresses issues of disclosure of records under the care and custody of school boards/authorities, as well as the collection, use, and disclosure of records containing personal information. MFIPPA also regulates the collection, use, disclosure, and accuracy of personal information stored in records and creates a process for obtaining access to recorded information. The Personal Health Information Protection Act (PHIPA) PHIPA addresses the collection, use, disclosure, retention, and destruction of personal health information. Foundation 39

Other Statutory Provisions The Table of Laws and Citations with Retention Requirements for school boards/authorities included as part of the Guideline on the Model Classification Scheme and Retention Schedule provides a listing of other statutory provisions contained in the laws of Canada and Ontario that may affect the creation and retention of school board/authority RIM. Ministry Policy and Program Memoranda Ministry of Education PPM s may include requirements for the collection, creation, use retention and destruction of records and information. Standards, Policies, Procedures and Practices School boards/authorities will need to develop supporting policies, procedures, and guidelines for the completion of the RIM framework. Policies and procedures may include, but should not be limited to, the following: Information/records keeping policies management Classification and retention guidelines Guidelines for managing personal information and confidential information Guidelines for access and control of information Securing mobile devices Password management procedures Information architecture Records management guidelines References Government of Canada Information Management Framework Government of Ontario Information Management Framework Government of Alberta Information Management Framework Foundation 40

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information