Digital Continuity Plan Template · 2016. 12. 22. · Digital Continuity Plan Template Page 3 of 22 . Document Purpose and Use . This document provides a template for agencies who

Digital Continuity Plan Template

State Information Template No


Expos

ure dr

aft


Page 2 of 22

Table of Contents

Document Purpose and Use..…………………….…………………………………………………………………………….3

References……………………………………………………………………………………………………………………………….3

Further information ………………………………………………………….…………………………………………..…………4

Acknowledgements…………………….………………………………………………………………….…………….…………4

Information Security Classification……………………………………………………………………………….…..…....4

Document History……………………………………………………………………………………………….……………………4

Plan Template………………………………………………………………………………….………………………..………….…5

Expos

ure dr

aft


Page 3 of 22

Document Purpose and Use

This document provides a template for agencies who need to develop and present a plan of action

that addresses digital continuity (DC) risks in their organisation. It provides a framework on which to

base a Digital Continuity Plan. The contents of each section are indicated in [blue] – this text should

be deleted in the final Plan. Sample text is also provided – this should be included, altered, replaced

or the section completely discarded as appropriate to your agency.

The resulting work plan and budget may stand alone as a single project (or a series of projects), or

they may be incorporated in wider RIM plans and budgets.

References

Checklist: Testing for Continuity of a Digital Information Asset, v1.0, July 2013, TAHO

Information Management Advice 37 – Keeping Digital Records Accessible, v2.0, March 2015,

TAHO

Information Management Advice 38 – Information Asset Owners and Digital Continuity, v2.0,

March 2015, TAHO

Information Management Advice 56 – Management of Digital Records on a Shoestring Budget,

v2.0, April 2015, TAHO

Introduction to Risk Management, Advice 60 Part One, May 2015, TAHO

Managing Digital Continuity, UK National Archives online advice,

http://www.nationalarchives.gov.uk/information-management/manage-information/policy-

process/digital-continuity/

New Zealand Digital Continuity Action Plan, 2009, Archives New Zealand.

Whilst references to this document are easily findable online, the document itself no longer appears to

be accessible online – an example of loss of digital continuity at least for parties external to Archives

New Zealand

State Records Guideline 19: Digital Preservation Formats, v2.0, June 2015, TAHO

Expos

ure dr

aft

http://www.nationalarchives.gov.uk/information-management/manage-information/policy-process/digital-continuity/



Page 4 of 22

Further Advice

For more detailed advice, please contact:

Government Information Strategy Unit

Tasmanian Archive and Heritage Office

91 Murray Street

HOBART TASMANIA 7000

Telephone: 03 6165 5581

Email [email protected]

Information Security Classification

This document has been security classified using the Tasmanian Government Information Security

classification standard as PUBLIC and will be managed according to the requirements of the

Tasmanian Government Information Security Policy.

Document Development History Build Status

Version Date Author Reason Sections

1.0 19 Dec 16 Alison Fleming First release All

Amendments in this Release

Section Title Section Number Amendment Summary

This is the first release of this document.

Issued: unpublished

Ross Latham State Archivist

Expos

ure dr

aft


Page 5 of 22

< insert Agency Name & logo>

Digital Continuity Plan

Date Approved: <insert date>

Expos

ure dr

aft


Page 6 of 22

Table of Contents

1. Context ....................................................................................................................................................................... 7

1.1 What is digital continuity? ................................................................................................................................... 7

1.2 Why it has become important ? ......................................................................................................................... 7

1.3 Generic Digital Continuity Risks and Responses ............................................................................................. 8

2. Our Digital Continuity Principles ......................................................................................................................... 9

3. Our Digital Continuity Risks ................................................................................................................................ 10

3.1 Digital Continuity Risk Assessment Approach ............................................................................................... 10

3.2 Digital Continuity Risk Register ....................................................................................................................... 12

4. Digital Continuity Work Plan .............................................................................................................................. 13

4.1 Objectives ........................................................................................................................................................... 13

4.2 Prioritisation Approach ..................................................................................................................................... 13

4.3 Roles and Responsibilities ................................................................................................................................ 14

4.4 Projects and Initiatives ...................................................................................................................................... 15

5. Required Resources ............................................................................................................................................... 15

5.1 Specialist expertise and advice ........................................................................................................................ 15

5.2 Specialist equipment and tools........................................................................................................................ 15

5.3 Budget ................................................................................................................................................................. 16

6. Key Performance Indicators ................................................................................................................................ 16

Appendix A: Generic Responses to Digital Continuity Risks ........................................................................... 17

Appendix B: Types of Digital Continuity Risk ..................................................................................................... 18

Appendix C: Digital Continuity Risk Register...................................................................................................... 20

Appendix D: Digital Continuity Workplan (Proposed) ..................................................................................... 22

Expos

ure dr

aft


Page 7 of 22

1. Context

1.1 What is digital continuity?

[Insert definition of digital continuity]

Sample text:

The UK National Archives defines Digital Continuity (DC) as “the ability to use digital

information in the way that you need, for as long as you need.” This requires that digital

information is able to be used by the business and its current – and future - stakeholders,

for as long as they need it and no longer.

1.2 Why it has become important ?

[Insert brief explanation of generic digital continuity challenges that pose risks for electronic

records]

Sample text:

Digital continuity is a rapidly growing problem because:

There is now a strong and increasing public sector dependence on electronic

information.

Creating digital information is easy – this has led to huge volumes of it being stored

and used, as well as ongoing challenges with how to describe and manage it all in ways

that give it ongoing meaning and value.

The extremely rapid rate of technological change means that electronic file formats

and business software change relatively frequently – and with each change comes the

opportunity for important information to be lost.

Electronic storage media (e.g. memory sticks, disk, magnetic tape) are not very durable,

so the information on them does not last as long as paper records (typically 5 years

instead of 50+ years).

Public sector agencies have moved well away from a past where (paper-based)

processes for recording key business information were clearly prescribed and well

understood by staff who often had long careers in the public sector. Now the ever-

changing nature of electronic information means processes for creating, describing,

storing and managing it are less clear, and less well understood or rigorously followed.

Staff moving between jobs more often also reduces the institutional knowledge that

once backed up the recorded knowledge of the agency.

Whilst the processes to preserve paper are well understood and the ability to make a

copy is straightforward, preserving digital records long term can be much more difficult

and time consuming. Unless the right actions are taken as information is created, the

Expos

ure dr

aft


Page 8 of 22

success of later DC actions will be dependent on a mixture of historic hardware,

software, metadata and user knowledge that may not still be available.

There is a tendency never to get rid of digital information, on the mistaken

assumption that “disk is cheap”. However maintaining access to digital information is

expensive, so ensuring we do not keep or manage digital information any longer than

we need to is important.

1.3 Generic Digital Continuity Risks and Responses

[Insert brief explanation of generic responses to avoid or mitigate DC risks]

Sample text:

Common digital continuity risks include:

Digital information is stored on devices or in systems that are not well organised or

documented, so that we do not actually know what the important information is and

therefore what we should focus continuity effort on.

Digital information lacks sufficient metadata to ensure it remains usable and can be

preserved if necessary. Such metadata needs to cover:

o the context in which this information was created;

o other information it links to;

o administrative information about its creation (author, date last changed,

version etc);

o audit trail log information and formal audit findings to provide evidence of

changes that support its authenticity; and

o technical information1 to support future preservation activity if required.

Digital files are received from external sources with digital rights management

settings2 which may prevent their long term access or preservation.

Digital file formats become obsolete over time, meaning the information in them can

no longer be accessed easily.

The surface of electronic storage media degrades over time, meaning the information

on them can no longer be read. Like lightbulbs, even relatively new digital storage

can fail without warning, rendering it no longer readable.

1 Technical information includes such metadata as for example file size, file format, application it was created by, specific information

dependant on file type (e.g. for an image that might include the number of pixels). 2 Wikipedia defines Digital Rights management (DRM) schemes are various access control technologies that are used to restrict

usage of copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia content)…. Works can become permanently inaccessible if the DRM scheme changes or if the service is discontinued.” Whilst public sector agencies normally prevent staff from applying DRM settings to work files, we cannot control what external people (e.g. customers, private businesses) may do.

Expos

ure dr

aft

https://en.wikipedia.org/wiki/Access_control

https://en.wikipedia.org/wiki/Copyright


Page 9 of 22

As business software applications are upgraded or replaced, information must be

transferred to new formats or database structures that are not always 100%

compatible with the old one, meaning some information (content and / or metadata,

important document formatting, macros and formulas, links between files or

documents etc) may be lost.

Whilst most people have experienced loss of digital information in their private lives

(e.g. they can no longer access a scratched CD-ROM, or a floppy disk because there

is no floppy disk drive on their PC), they remain unaware of what this could mean in

a business context

Most organisations lack the specialist knowledge and equipment to undertake digital

preservation.

Responses to these risks and challenges fall into four broad categories:

Prevent or reduce the likelihood of digital loss or degradation

Recover from identified digital loss or degradation

Reduce the size of actual or potential problem

Accept the risk of digital loss or degradation.

Appendix A gives examples of actions that fall into each of these response categories.

2. Our Digital Continuity Principles

[Insert brief statement about the Principles we have adopted to guide digital continuity and its planning in our organisation]

Sample text:

In developing this digital continuity plan we have adopted the following Principles to guide

our decision making:

Principle 1: There when we need it

Our important information will be maintained so that it can be accessed for as long

as it is needed.

Principle 2: Authentic and reliable

Our important information is tamper-proof and free from digital rights

management restrictions.

Principle 3: Trusted access

Tasmanians can be confident that they will be able to find, retrieve and use all our

digital information that can be made publically available, and that their sensitive

information will be protected from unauthorised access.

Principle 4: Preserve only for as long as required

We keep important digital information for as long as it is required, but no longer.

Whilst some may become permanent archives, much will not and will be actively

managed through the retention and disposal process. We also do not waste digital

preservation focus on information that is not important.

Expos

ure dr

aft


Page 10 of 22

3. Our Digital Continuity Risks [NOTE: if no assessment of DC risks has yet been undertaken, leave this section out and make DC risk assessment the first action in the DC Workplan.]

3.1 Digital Continuity Risk Assessment Approach

[Insert a brief statement about what digital continuity risk assessment has been undertaken.]

Sample text:

Our approach to identifying digital continuity risks has been:

1. Know what we have

We first identified the major information assets and their key characteristics, as a

necessary prerequisite to any assessing how at risk they are.

Characteristics of interest included:

the information content (what is this about)

business value (why created/how used)

usage frequency (including when last accessed, if not current)

age (when created)

length of time likely to need future access (retention requirements)

volume/amount (e.g. size of database, number of documents/files)

metadata available (including information context, links to other information /

records / transactions, technical file information)

storage media and location (e.g. personal drive, USB, cloud storage, shared

workspace)

file or database format (e.g. Word, PDF-A, SQL database etc).

Much of the information was able to be sourced from the <Agency> Information Assets

Register / Vital Records Register maintained by the RIM Team; other details were

identified in discussion with information asset owners and relevant IT staff.

2. Identify highest value/most important information assets:

Working on the principle that the greatest effort should be put into the items of most

value, we worked to identify those information assets in the high value category.

We first noted those information assets already identified as Vital records by the RIM

Team and/or already noted those information assets already identified as high value in

Expos

ure dr

aft


Page 11 of 22

the Information Assets Register, since these are already deemed to be of high

importance.

We found some entries in the Information Assets register already had value ratings that

were not ‘high – while these may also be at risk, our limited resources will be directed

first at addressing DC risks for high value information assets, so we ignored these.

This left us with a range of information assets with no current value rating. For these we

worked through an appraisal process with information asset owners to determine an

objective “information value” rating for each. These value ratings were derived from

considering the standard criteria used in appraisal of public sector records3:

Authority and structure of government

Functions and program of government

Accountability of government

Rights and entitlements of individuals

Tasmanian society and culture

Environmental management and change.

Alongside this we also undertook a legislative review in relation to the retention and

accessibility requirements for these records, and looked at business risks that would arise

if they were compromised or lost. In this way we were able to consider both the value the

wider community would place on these records and their value to the business.

Based on this complete picture, each information asset received a value rating on a scale

of 1 (low value - loss would cause little or no impact) to 5 (high value – loss would mean

major political and business embarrassment; loss of entitlement proof for citizens;

inability of government to justify key decisions and undertake critical work, high potential

for litigation or liability on behalf of agency, major failure to comply with legislative or

regulatory requirements).

3. Update documentation:

The <Agency> Information Assets Register has been updated with this information,

including the value ratings, to provide a mechanism for tracking DC progress for future

planning.

3 Appraisal Statement for State Records Required as State Archives, v1.0, February 2015, TAHO,

https://www.informationstrategy.tas.gov.au/Records-Management-

Principles/Document%20Library%20%20Tools/Appraisal%20Statement%20for%20State%20records%20required%20as%2

0State%20Archives.pdf

Expos

ure dr

aft

https://www.informationstrategy.tas.gov.au/Records-Management-Principles/Document%20Library%20%20Tools/Appraisal%20Statement%20for%20State%20records%20required%20as%20State%20Archives.pdf




Page 12 of 22

4. Assess DC risks of highest value information assets:

Using relevant TAHO and UK National Archives4 published advice, and with support from

the TAHO Collections DC staff, staff from the relevant business unit plus the RIM and IT

teams jointly assessed the DC risks for each of our high value information assets,

including Vital records.

To help identify our DC risks we looked at four risk categories

a. People risks (e.g. poor following of processes, entry of poor quality metadata, lack

of DC understanding)

b. Software application risks (e.g. poor configuration, lack of security, version

changes);

c. Technical risks (e.g. underlying operating system/database changes etc,

proprietary or obsolescent file formats);

d. Media risks (e.g. use of low quality media, existence of unreadable or damaged

storage media).

These DC risk types, including examples of common causes and consequences, are

discussed further in Appendix B.

Some of the DC risks are organisational and apply to all agency information; others relate

to specific information assets. We recorded these in a DC Risk Register, including the

likelihood and urgency of each risk on a high-medium-low scale (as per the agency Risk

Management Framework).

5. Identify potential mitigating actions

Potential mitigations for reducing the likelihood or urgency of each risk were also

brainstormed and recorded.

3.2 Digital Continuity Risk Register

[Insert details of DC risks identified]

Sample text:

See Appendix C for the <Agency> Digital Continuity Risk Register.

4 Information Management Advice 37 – Keeping Digital Records Accessible, v2.0, March 2015, TAHO

Information Management Advice 38 – Information Asset Owners and Digital Continuity, v2.0, March 2015, TAHO

Managing Digital Continuity, UK National Archives online advice, http://www.nationalarchives.gov.uk/information-

management/manage-information/policy-process/digital-continuity/

Expos

ure dr

aft




Page 13 of 22

4. Digital Continuity Work Plan

4.1 Objectives

[Insert brief statement about what this Plan is trying to achieve, and its timeframe – this needs to be appropriate to where the agency is on the path from just starting to think about DC to being mature in addressing and managing DC risks]

Sample text:

The objectives of this Digital Continuity Plan are to:

a. provide visibility of key DC risks to our most important information assets at

management level.

b. establish a programme of educating staff about DC risks.

c. identify and implement standards and processes that will reduce the likelihood of

increased DC risk in the future.

d. establish how ongoing identification and mitigation of DC risks for high

value/high risk information assets can be managed.

4.2 Prioritisation Approach

[Insert brief statement about how DC risks have been prioritised for action]

Sample text:

In identifying the priority for addressing DC risks the following factors have been weighed:

value of the information (including political and future community interest)

level and urgency of DC risk – if the risk likelihood is both high and imminent then

the priority for action needs to be higher

availability of viable options to address risk – is there anything we can actually do or

is it too late? Is there an acceptable work around?

effort required to address risk - e.g. volume of information, complexity of mitigation,

availability/affordability of required specialist knowledge or equipment, number of

people, other costs. Could this risk be wholly/partially mitigated through a project

already being undertaken (e.g. considering long term digital records as part of

developing a new Retention and Disposal Schedule; ensuring a business project to

digitise customer records uses a scanning process that results in open format files

with good technical metadata to lengthen the timeframe they will be accessible for).

This detail has been added to the DC Risk Register (Appendix C).

Expos

ure dr

aft


Page 14 of 22

4.3 Roles and Responsibilities

[Insert brief statement about who is responsible for ensuring the continuity of electronic records, and how these roles need to work together]

Sample text:

Role Responsibility

Information Asset

Owner

Overall responsibility for ensuring information asset remains

accessible for as long as required by all who need to use it

Understand DC risks related to their information assets

Provide information about business value and ongoing/future

use

Information

Management (IM)

Manager

Maintain Information Assets Register, including relevant DC

information on each significant information asset

Ongoing education of agency management and staff about DC

risks

Develop DC Plan, in collaboration with Information Asset

Owners and IT Manager

Manage/oversee projects and initiatives approved in DC Plan

Ongoing measurement and reporting of DC KPIs

Information

Technology (IT)

Manager

Understand the DC risks related to information assets

Collaborate with RIM Manager to identify DC priorities and

viable DC risk mitigation actions

Risk and Audit

functions


Capture key DC risks into agency Risk Register where

appropriate

Monitor key DC risks over time

RIM & IT staff Increase understanding of DC so can become sources of trusted

advice to agency staff


Undertake mitigation activity as required by approved DC Plan

External DC Specialists Provide specialist knowledge, advice, equipment and resources

as required

Government

Information Strategy

Unit, TAHO

Provide DC guidance and standards where appropriate

Connect agency to others tackling similar challenges, to help

develop a community of learning

May be able to provide access to legacy systems/platforms (e.g.

old technology, obsolete operating systems and other software

such as device drivers) in order to retrieve information from

obsolete or unsupported media.

Expos

ure dr

aft


Page 15 of 22

4.4 Projects and Initiatives

[Insert Workplan of activities to be undertaken to address priority risks. Include indicative timeframe, which may be this year or a longer period (e.g. 1-5 years).]

Sample text:

The Proposed DC Workplan is in Appendix D.

The DC projects and initiatives to be undertaken in the next financial year are those required

to mitigate DC risks noted as High priority in the DC Risk Register.

Actions to mitigate other DC risks have been identified for potential action in years 2-3, but

the DC Plan will be reviewed at least annually and the DC Workplan updated as a result.

5. Required Resources

5.1 Specialist expertise and advice

[Insert details of skills and expertise required, specialist (external) advice, and additional staff resources (e.g. for migration testing, disposal etc) that will be required to undertake this work, above and beyond business-as-usual resourcing.]

Sample text:

RIM staff have some understanding of digital continuity but will need to upskill in

preparation for developing and delivering agency-wide DC training. They will also require

some specialist external advice, which can be provided by TAHO free of charge, or paid for

by major projects where required to support them.

5.2 Specialist equipment and tools

[Insert details of special hardware, software and any other equipment and tools that will be required to undertake this work, above and beyond business-as-usual resourcing.]

Sample text:

To resolve the issue of the EDRMS holding a small number of unknown file types, IT will

need to source and download legacy file format readers, and set these up in a simulated

legacy operating system environment. These may be sourced from the TAHO Collections

team.

If successful this will enable legacy files to be opened and resaved in a more modern format.

Where readers still exist for the problem formats they are readily available free of charge

from the web.

Expos

ure dr

aft


Page 16 of 22

5.3 Budget

[Insert details of additional costs involved in paying for the above additional resources or need for any other resources (eg additional temporary cloud storage).]

Sample text:

The Proposed DC Workplan assumes that many of the required activities will be completed

as part of business as usual for the IT and RIM teams, or as part of the planned and

separately resourced ABC Register replacement, Cloud Hosting projects.

Cost of contracting the scanner supplier to check and update the configuration of all

scanner devices to ensure DC compatibility = $1,800 (note: assumes can be done as part of

normal maintenance, which will incur some hourly-rate cost but avoid travel/call out

charges).

Cost for contracting DC specialists in XYZ Company to read and recover information off

floppy disks = $2,000 (estimated) – TAHO have indicated they expect to be able to facilitate

our doing this work ourselves by providing appropriate training/support/tools/equipment.

This amount is a contingency in case we are not able to do this work in-house.

6. Key Performance Indicators

[Identify a small range of measures that will demonstrate the value this work has provided – these need to be meaningful to the organisation.]

Sample text:

The following measures have been identified to help identify if we are improving our DC

capability:

Number of files in EDRMS and shared drives with unknown file format (target <100

ongoing)

Number of items of old media (can’t be read) awaiting resolution (target < 30 pa)

% staff able to identify and discuss a DC issue related to their work, and its mitigations

(target 80% by July 2017)

20% increase in staff reporting they are able to find and open the files they need for

their work (annual survey)

% scanned files meeting open file format standards (target 100% by July 2017, then per

annum check)

% (relevant) IM/IT policies/contract templates with DC embedded in them (target 100%

by December 2019)

Coverage of digital records in agency R&D Schedule(s) complete by December 2019

These measures will be reported in the RIM Quarterly Report to the Senior Responsible

Officer (SRO) and Risk Committee, along with progress on delivering the agreed DC

Workplan.

Expos

ure dr

aft


Page 17 of 22

Appendix A: Generic Responses to Digital Continuity Risks

Generic response Examples of mitigations in this response category For Against

Prevent or reduce

likelihood of digital

loss or degradation

Education to avoid poor practice

Regular testing of recovery processes from backups

Automation to increase good quality capture (e.g. of

technical metadata capture)

Standardisation of file formats

Use of audit trail logging and internal or external audit to

ensure integrity maintained

Adoption of high quality storage media

Replacement of all storage media after maximum 5 years

Planned migration during system replacement

Careful configuration setting in new software and

equipment to ensure appropriate formats created and

metadata captured

Simplest and most cost effective to

prevent problem arising in first place

wherever possible

Cultural resistance to seeing

necessity

Recover from

identified digital

loss or degradation

Recreate records through digitisation, manual entry,

collation of other records etc

Controlled migration to more modern electronic format

If records of high value this may be

the only option, and will at least

partially retain the format and context

information

Recreation may not be possible

if source records do not exist

Cost may be high and process

time consuming

Reduce size of

actual or potential

problem

Identify and remove duplicate, redundant and transitory

digital information

Reduce electronic records held through disposal

Transfer electronic records to another agency (e.g. TAHO)

R&D Schedule not complete or

approved, therefore some digital

information not currently able to be

disposed of

At risk records may still be needed by

the business

Cannot dispose of high value

records

TAHO may not be ready to

accept electronic records

Accept risk of

digital loss or

degradation

Do nothing May be a good option if cost high,

lifespan short, value low, multiple

versions or alternative formats exist)

Not appropriate if high value

and high risk

Expos

ure dr

aft


Page 18 of 22

Appendix B: Types of Digital Continuity Risk

Risk Category Description Examples of Potential Causes Examples of Potential Consequences Examples of questions asked to identify existence of potential risks in this category

PEOPLE Risks caused by poor process or lack of knowledge/action

Lack of DC awareness Lack of culture of treating record keeping as important Lack of clear standards for naming conventions,

minimum required metadata Lack of DC understanding in RIM Team means they are

unable to spot potential DC risks or advise on appropriate actions

Poorly described records Poorly connected records (to other related

records, wider context information) Records kept in inappropriate places or

formats (e.g. local hard drives, personal USB drives)

DC risks not identified so no remedial or preventative action taken

Have staff attended DC awareness training? Are DC risks and issues considered in all relevant

policies, plans and Risk Registers? Are staff diligent in creating records for this

information asset (or not)? Are there clear standards & guidelines for

minimum metadata and descriptions? Can records be discovered by searching on

common metadata fields? Can records be understood in terms of

identifying their context? Are RIM staff confident in conducting DC risk

workshops with business staff? Is there basic DC advice available on the

Intranet? Are RIM staff confident about providing

responses to DC concerns, or know where they can get help?

SOFTWARE APPLICATIONS

Risks related to applications that are poorly configured during implementation, undergo version changes, lack basic record keeping functionality

Lack of ability to maintain an audit trail of changes to records

Appropriate access security to control who can see/change/delete records not implemented or maintained

Application not configured during implementation to collect quality metadata

Functionality changes introduced during upgrades/version releases result in the potential for loss of important metadata or formatting

Lack of sufficient planning/testing of legacy data migration during implementation of a replacement application results in content or metadata loss

Integrity of records is compromised and they cannot be relied on

Lack of sufficient/quality metadata means context of records cannot be understood

Does this application log minimum metadata about record creation, change, deletion and access right changes?

Does this application allow access groups and the application of access control at record and group/folder level?

Does the application enforce data validation and mandatory entry requirements for minimum metadata?

Does this application manage versions of records and transactions so they can be identified?

Do we have significant volumes of duplicate or temporary information in this application, that has not been disposed of?

Is there a clear standard for metadata and formats of digitised files, and does scanning software conform to this standard?

For applications being upgraded or replaced is there a careful migration plan that accounts for all critical metadata and contents, that RIM staff have had input into?

Do all links and embedded objects still work as

Expos

ure dr

aft


Page 19 of 22

Risk Category Description Examples of Potential Causes Examples of Potential Consequences Examples of questions asked to identify existence of potential risks in this category

originally intended? Is there any evidence of corrupted

files/databases? Is the information encrypted in this asset and if

so do we have the encryption keys securely stored for future reference?

Does migration testing thoroughly cover all aspects of metadata and format change?

TECHNICAL Risks related to records access being reliant on computer hardware, operating and database software and file formats that over time become obsolescent

Keeping old applications/databases on assumption we will be able to open them again if we need them, without checking that is possible before upgrading servers, operating systems, database management software, display tools and other items the application is dependent on

Lack of old device driver software means obsolete disk drives and other hardware no longer works with the operating system

Use of proprietary (closed) file formats increases likelihood of formats changes over time that we are unaware of

Lack of control over allowable file formats leads to many unrecognisable formats being in use

Records reliant on old hardware or operating/database software no longer able to be accessed

Disk drives, cassettes etc not able to be read because reader device cannot talk to the operating system

Files cannot be opened because formats not recognised

Files in old formats can be opened but lose critical formatting or metadata

Very large variety of file formats or use of uncommon formats makes the time and cost of providing ongoing access when formats change over time prohibitive

Is this application being run on outdated hardware of software?

Is access to old storage devices tested regularly to ensure it still operates (particularly before and after operating system and hardware upgrades)?

Is there an agreed (limited) list of acceptable file formats, and does it include only open formats (e.g. PDF/A, XML etc) or very popular proprietary formats (e.g. Word)?

Does this information asset rely on any formats that are no longer in common use in our organisation? If so is there a clear migration plan in place?

MEDIA Risks related to using low quality media, or to records in existence on unreadable, obsolete, unstructured or damaged media

Lack of DC awareness Storage media is not tracked over time, or is forgotten

about when people move on, so contents are unknown (especially local devices)

Difficult-to-use formal systems mean people resort to holding records on local or temporary digital storage

Poor media handling practices result in damage Lack of continuity planning to enable recovery of

records if media were to fail

Records kept on inappropriate media Poor quality storage devices used Storage devices not carefully managed to

avoid being harmed Storage media fails or is damaged and

records on it are inaccessible; and if no backup exists the records are lost

Have staff attended DC awareness training? Is there evidence of obsolete or damaged media

(e.g. floppy disks, old USBs)? Is there evidence of unlabelled media (i.e.

contents, and therefore value, uncertain)? Is there evidence that staff are holding important

information in emails, local drives, personal devices?

Are high value information assets regularly backed up, and are restores from those backups regularly tested?

Is information being stored in an unstructured way that prevents agency knowledge of their existence or contents?

Expos

ure dr

aft


Page 20 of 22

Appendix C: Digital Continuity Risk Register NOTE: risk impact is not included as only high value/importance information assets have been assessed (therefore impact is assumed to always be High)

Risk impact assessed as per Agency Risk Management Framework. Where risk impact is unknown (e.g. because contents of files or media is unreadable) risk impact is rated based on business unit input of likely value.

Mitigation approaches: Risk types:

prevent/reduce likelihood people risks (e.g. poor following of processes, poor descriptions or metadata entry)

recover software application risks (eg poor configuration, lack of security, loss during migration, version upgrades)

reduce impact technical risks (eg underlying operating system/database changes, proprietary or obsolescent file formats)

accept media risks (e.g. use of low quality media, existence of unreadable or damaged media)

[Examples should be replaced with details of actual DC risks identified for agency]

Risk Type Risk

No Risk Description Risk

Impact Risk

Urgency Information assets affected

Mitigation approach

Potential Mitigations Effort Level

Effort required to mitigate Priority

People 1 Users aware of DC risks in personal life but don’t translate into potential impact at work; therefore express unwillingness to enter basic metadata, manage removable media carefully, store records in EDRMS etc

M M All user-created information potentially

Reduce RIM - high level sign off of DC Plan, with executive champion to raise importance

RIM – review RIM & IT policies to assess how DC could be embedded in them

RIM - education sessions for all staff, team by team

L-M RIM – business as usual initiative under ongoing RIM training programme

IT – BA and Information Architect review of metadata rules implementation in systems

M - H

Software/ Application

2 Implementation of new ABC Register application in 2020 will require migration of 500,000 customer records; all information must be available in perpetuity but agency only requires information since 2014 for business reasons; some data is of poor quality

H H All customer records in existing system

Prevent/ Reduce

RIM – work with business and IT to identify data that can be disposed of ; ensure appropriate R&D schedule developed if not already in place

Business – define future data quality standard; identify legacy data not at this standard

IT – develop and thoroughly test the data migration plan

RIM - support plan development and business testing

IT – decommission legacy application

RIM – with IT help arrange e-transfer to TAHO of pre-2014 records

H IT – 2 FTE testers for 5 months, as part of PFQ project

IT – developer to write scripts for automated update of poor quality data where possible

RIM – estimated 35 person days across project + 40 person days for e-transfer

Business – estimate 2FTEs for 3 months to cleanse data, test trial migration, test results of real migration

M


3 EDRMS contains about 300 files with file extensions that are not recognised by today’s software

H M Documents provided by ABC business unit customers for old transactions (> 5 years ago), uncertain exactly what contents are

Recover RIM & IT – work together on identifying a limited range of file formats (preferably open and/or very high use proprietary formats) that will be allowable in future

IT - download legacy application reader software & related operating system (or acquire from TAHO), so that files can be opened and re-saved in a newer format (with some potential loss of internal file format)

L IT – one developer day to locate, install and test legacy software reader

Business – review file contents once saved in new format and revise assessment of value

L


4 Lack of full coverage of digital records in agency Retention & Disposal Schedule means we are keeping a lot of digital information unnecessarily

M-H M Digital records held in new applications not yet covered by the R&D Schedule

Accept / Reduce

RIM – develop R&D schedule to comprehensively cover digital records

IT / Business – accept cost and complexity of holding more information than we need, for at least the next 3 years

L RIM – part of ongoing business as usual

H

Technical 5 Standard Printers/Scanners throughout Agency are not set up to produce open-format PDF-A files with appropriate technical metadata to support future DC activity

H L All digitise and scanned documents since 2014

Prevent RIM – research, agree and document a DC-appropriate standard set up configuration

IT – arrange for all existing & new devices to be configured to meet this standard asap

RIM – test device outputs to check standard is now met

L RIM – 5 days, working with TAHO & others to develop and document standard configurations

IT – raise Service Desk request to reconfigure devices & oversee contractor onsite

H

Expos

ure dr

aft


Page 21 of 22

Risk Type Risk No

Risk Description Risk Impact

Risk Urgency

Information assets affected

Mitigation approach

Potential Mitigations Effort Level

Effort required to mitigate Priority

Media 6 XYZ research team has 50 boxes of 3.25” floppy disks; no PC has a floppy disk reader of software to enable access

M H Business believes these contain historic research data on child abuse statistics that would be valuable to add to provide longer timeframe analysis data set

Recover/ Accept

RIM - contract DC specialists in TAHO who have necessary legacy IT equipment to copy contents onto CD for appraisal

Business – accept that not all disks may be readable so contents may be lost

M Cost of 50 CDs (assuming we can do copying in-house, supported by advice and tools from TAHO)

Appraisal – 35 hours by business staff

M

Media 7 Planned agency move in 2018 to cloud hosting for all major databases - it is unclear how our important information will be appropriately protected for DC purposes

H M All agency digital information moved to cloud hosting

Prevent IT – ensure all-of-government standards for cloud hosting will be met by preferred supplier and that contract reflects that

Test the Back Out Plan to ensure if agency needed to return to local or alternative hosting it could successfully recover all its data

M IT – included as part of Cloud Supplier tender evaluation and contract negotiation

RIM – supportive research and advice

H

Expos

ure dr

aft


Page 22 of 22

Appendix D: Digital Continuity Workplan (Proposed)

Priority (incl

urgency) Effort Initiative

2016/17 2017/18 2018/19

Jul-Sep Oct-Dec Jan -Mar Apr-Jun Jul-Dec Jan-Jun Jul-Dec Jan-Mar Out years ->

High Low Approved DC Plan & executive champion

High Medium DC Awareness training for all staff Design Deliver

Medium Medium Embed DC into all relevant IT policies Review Update / Approve

Medium Medium Embed DC into all relevant RIM policies Review Update / Approve

Medium Medium Identify ABC legacy data for disposal

Medium Low -Med Review ABC coverage in RD& Schedule & update Schedule Review Update R&D Schedule if required

Medium Medium Plan & test ABC data migration plan

Medium High Improve ABC data quality, including key metadata

Medium High Arrange e-transfer of legacy ABC data to TAHO

Medium Medium Decommission old ABC system & delete unrequired data

Low Low Resolve unreadable EDRMS file formats

High Med-High Progressively update all R&D Schedules to cover all digital info

High Low Set/reset scanner configurations for DC Research Implement

Medium Medium Resolve format update or disposal of XYZ floppy disks

High Medium Ensure DC as part of cloud hosting contract

Key – Risk Type Key – team responsible for leading delivery

People Information Technology (IT)

Software / Application Information Management (IM)

Technical Business

Media

Expos

ure dr

aft