Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Digital Continuity Plan Template
State Information Template No
Digital Continuity Plan Template
Expos
ure dr
aft
Digital Continuity Plan Template
Page 2 of 22
Table of Contents
Document Purpose and Use..…………………….…………………………………………………………………………….3
References……………………………………………………………………………………………………………………………….3
Further information ………………………………………………………….…………………………………………..…………4
Acknowledgements…………………….………………………………………………………………….…………….…………4
Information Security Classification……………………………………………………………………………….…..…....4
Document History……………………………………………………………………………………………….……………………4
Plan Template………………………………………………………………………………….………………………..………….…5
Expos
ure dr
aft
Digital Continuity Plan Template
Page 3 of 22
Document Purpose and Use
This document provides a template for agencies who need to develop and present a plan of action
that addresses digital continuity (DC) risks in their organisation. It provides a framework on which to
base a Digital Continuity Plan. The contents of each section are indicated in [blue] – this text should
be deleted in the final Plan. Sample text is also provided – this should be included, altered, replaced
or the section completely discarded as appropriate to your agency.
The resulting work plan and budget may stand alone as a single project (or a series of projects), or
they may be incorporated in wider RIM plans and budgets.
References
Checklist: Testing for Continuity of a Digital Information Asset, v1.0, July 2013, TAHO
Information Management Advice 37 – Keeping Digital Records Accessible, v2.0, March 2015,
TAHO
Information Management Advice 38 – Information Asset Owners and Digital Continuity, v2.0,
March 2015, TAHO
Information Management Advice 56 – Management of Digital Records on a Shoestring Budget,
v2.0, April 2015, TAHO
Introduction to Risk Management, Advice 60 Part One, May 2015, TAHO
Managing Digital Continuity, UK National Archives online advice,
http://www.nationalarchives.gov.uk/information-management/manage-information/policy-
process/digital-continuity/
New Zealand Digital Continuity Action Plan, 2009, Archives New Zealand.
Whilst references to this document are easily findable online, the document itself no longer appears to
be accessible online – an example of loss of digital continuity at least for parties external to Archives
New Zealand
State Records Guideline 19: Digital Preservation Formats, v2.0, June 2015, TAHO
Expos
ure dr
aft
Digital Continuity Plan Template
Page 4 of 22
Further Advice
For more detailed advice, please contact:
Government Information Strategy Unit
Tasmanian Archive and Heritage Office
91 Murray Street
HOBART TASMANIA 7000
Telephone: 03 6165 5581
Email [email protected]
Information Security Classification
This document has been security classified using the Tasmanian Government Information Security
classification standard as PUBLIC and will be managed according to the requirements of the
Tasmanian Government Information Security Policy.
Document Development History Build Status
Version Date Author Reason Sections
1.0 19 Dec 16 Alison Fleming First release All
Amendments in this Release
Section Title Section Number Amendment Summary
This is the first release of this document.
Issued: unpublished
Ross Latham State Archivist
Expos
ure dr
aft
Digital Continuity Plan Template
Page 5 of 22
< insert Agency Name & logo>
Digital Continuity Plan
Date Approved: <insert date>
Expos
ure dr
aft
Digital Continuity Plan Template
Page 6 of 22
Table of Contents
1. Context ....................................................................................................................................................................... 7
1.1 What is digital continuity? ................................................................................................................................... 7
1.2 Why it has become important ? ......................................................................................................................... 7
1.3 Generic Digital Continuity Risks and Responses ............................................................................................. 8
2. Our Digital Continuity Principles ......................................................................................................................... 9
3. Our Digital Continuity Risks ................................................................................................................................ 10
3.1 Digital Continuity Risk Assessment Approach ............................................................................................... 10
3.2 Digital Continuity Risk Register ....................................................................................................................... 12
4. Digital Continuity Work Plan .............................................................................................................................. 13
4.1 Objectives ........................................................................................................................................................... 13
4.2 Prioritisation Approach ..................................................................................................................................... 13
4.3 Roles and Responsibilities ................................................................................................................................ 14
4.4 Projects and Initiatives ...................................................................................................................................... 15
5. Required Resources ............................................................................................................................................... 15
5.1 Specialist expertise and advice ........................................................................................................................ 15
5.2 Specialist equipment and tools........................................................................................................................ 15
5.3 Budget ................................................................................................................................................................. 16
6. Key Performance Indicators ................................................................................................................................ 16
Appendix A: Generic Responses to Digital Continuity Risks ........................................................................... 17
Appendix B: Types of Digital Continuity Risk ..................................................................................................... 18
Appendix C: Digital Continuity Risk Register...................................................................................................... 20
Appendix D: Digital Continuity Workplan (Proposed) ..................................................................................... 22
Expos
ure dr
aft
Digital Continuity Plan Template
Page 7 of 22
1. Context
1.1 What is digital continuity?
[Insert definition of digital continuity]
Sample text:
The UK National Archives defines Digital Continuity (DC) as “the ability to use digital
information in the way that you need, for as long as you need.” This requires that digital
information is able to be used by the business and its current – and future - stakeholders,
for as long as they need it and no longer.
1.2 Why it has become important ?
[Insert brief explanation of generic digital continuity challenges that pose risks for electronic
records]
Sample text:
Digital continuity is a rapidly growing problem because:
There is now a strong and increasing public sector dependence on electronic
information.
Creating digital information is easy – this has led to huge volumes of it being stored
and used, as well as ongoing challenges with how to describe and manage it all in ways
that give it ongoing meaning and value.
The extremely rapid rate of technological change means that electronic file formats
and business software change relatively frequently – and with each change comes the
opportunity for important information to be lost.
Electronic storage media (e.g. memory sticks, disk, magnetic tape) are not very durable,
so the information on them does not last as long as paper records (typically 5 years
instead of 50+ years).
Public sector agencies have moved well away from a past where (paper-based)
processes for recording key business information were clearly prescribed and well
understood by staff who often had long careers in the public sector. Now the ever-
changing nature of electronic information means processes for creating, describing,
storing and managing it are less clear, and less well understood or rigorously followed.
Staff moving between jobs more often also reduces the institutional knowledge that
once backed up the recorded knowledge of the agency.
Whilst the processes to preserve paper are well understood and the ability to make a
copy is straightforward, preserving digital records long term can be much more difficult
and time consuming. Unless the right actions are taken as information is created, the
Expos
ure dr
aft
Digital Continuity Plan Template
Page 8 of 22
success of later DC actions will be dependent on a mixture of historic hardware,
software, metadata and user knowledge that may not still be available.
There is a tendency never to get rid of digital information, on the mistaken
assumption that “disk is cheap”. However maintaining access to digital information is
expensive, so ensuring we do not keep or manage digital information any longer than
we need to is important.
1.3 Generic Digital Continuity Risks and Responses
[Insert brief explanation of generic responses to avoid or mitigate DC risks]
Sample text:
Common digital continuity risks include:
Digital information is stored on devices or in systems that are not well organised or
documented, so that we do not actually know what the important information is and
therefore what we should focus continuity effort on.
Digital information lacks sufficient metadata to ensure it remains usable and can be
preserved if necessary. Such metadata needs to cover:
o the context in which this information was created;
o other information it links to;
o administrative information about its creation (author, date last changed,
version etc);
o audit trail log information and formal audit findings to provide evidence of
changes that support its authenticity; and
o technical information1 to support future preservation activity if required.
Digital files are received from external sources with digital rights management
settings2 which may prevent their long term access or preservation.
Digital file formats become obsolete over time, meaning the information in them can
no longer be accessed easily.
The surface of electronic storage media degrades over time, meaning the information
on them can no longer be read. Like lightbulbs, even relatively new digital storage
can fail without warning, rendering it no longer readable.
1 Technical information includes such metadata as for example file size, file format, application it was created by, specific information
dependant on file type (e.g. for an image that might include the number of pixels). 2 Wikipedia defines Digital Rights management (DRM) schemes are various access control technologies that are used to restrict
usage of copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia content)…. Works can become permanently inaccessible if the DRM scheme changes or if the service is discontinued.” Whilst public sector agencies normally prevent staff from applying DRM settings to work files, we cannot control what external people (e.g. customers, private businesses) may do.
Expos
ure dr
aft
Digital Continuity Plan Template
Page 9 of 22
As business software applications are upgraded or replaced, information must be
transferred to new formats or database structures that are not always 100%
compatible with the old one, meaning some information (content and / or metadata,
important document formatting, macros and formulas, links between files or
documents etc) may be lost.
Whilst most people have experienced loss of digital information in their private lives
(e.g. they can no longer access a scratched CD-ROM, or a floppy disk because there
is no floppy disk drive on their PC), they remain unaware of what this could mean in
a business context
Most organisations lack the specialist knowledge and equipment to undertake digital
preservation.
Responses to these risks and challenges fall into four broad categories:
Prevent or reduce the likelihood of digital loss or degradation
Recover from identified digital loss or degradation
Reduce the size of actual or potential problem
Accept the risk of digital loss or degradation.
Appendix A gives examples of actions that fall into each of these response categories.
2. Our Digital Continuity Principles
[Insert brief statement about the Principles we have adopted to guide digital continuity and its planning in our organisation]
Sample text:
In developing this digital continuity plan we have adopted the following Principles to guide
our decision making:
Principle 1: There when we need it
Our important information will be maintained so that it can be accessed for as long
as it is needed.
Principle 2: Authentic and reliable
Our important information is tamper-proof and free from digital rights
management restrictions.
Principle 3: Trusted access
Tasmanians can be confident that they will be able to find, retrieve and use all our
digital information that can be made publically available, and that their sensitive
information will be protected from unauthorised access.
Principle 4: Preserve only for as long as required
We keep important digital information for as long as it is required, but no longer.
Whilst some may become permanent archives, much will not and will be actively
managed through the retention and disposal process. We also do not waste digital
preservation focus on information that is not important.
Expos
ure dr
aft
Digital Continuity Plan Template
Page 10 of 22
3. Our Digital Continuity Risks [NOTE: if no assessment of DC risks has yet been undertaken, leave this section out and make DC risk assessment the first action in the DC Workplan.]
3.1 Digital Continuity Risk Assessment Approach
[Insert a brief statement about what digital continuity risk assessment has been undertaken.]
Sample text:
Our approach to identifying digital continuity risks has been:
1. Know what we have
We first identified the major information assets and their key characteristics, as a
necessary prerequisite to any assessing how at risk they are.
Characteristics of interest included:
the information content (what is this about)
business value (why created/how used)
usage frequency (including when last accessed, if not current)
age (when created)
length of time likely to need future access (retention requirements)
volume/amount (e.g. size of database, number of documents/files)
metadata available (including information context, links to other information /
records / transactions, technical file information)
storage media and location (e.g. personal drive, USB, cloud storage, shared
workspace)
file or database format (e.g. Word, PDF-A, SQL database etc).
Much of the information was able to be sourced from the <Agency> Information Assets
Register / Vital Records Register maintained by the RIM Team; other details were
identified in discussion with information asset owners and relevant IT staff.
2. Identify highest value/most important information assets:
Working on the principle that the greatest effort should be put into the items of most
value, we worked to identify those information assets in the high value category.
We first noted those information assets already identified as Vital records by the RIM
Team and/or already noted those information assets already identified as high value in
Expos
ure dr
aft
Digital Continuity Plan Template
Page 11 of 22
the Information Assets Register, since these are already deemed to be of high
importance.
We found some entries in the Information Assets register already had value ratings that
were not ‘high – while these may also be at risk, our limited resources will be directed
first at addressing DC risks for high value information assets, so we ignored these.
This left us with a range of information assets with no current value rating. For these we
worked through an appraisal process with information asset owners to determine an
objective “information value” rating for each. These value ratings were derived from
considering the standard criteria used in appraisal of public sector records3:
Authority and structure of government
Functions and program of government
Accountability of government
Rights and entitlements of individuals
Tasmanian society and culture
Environmental management and change.
Alongside this we also undertook a legislative review in relation to the retention and
accessibility requirements for these records, and looked at business risks that would arise
if they were compromised or lost. In this way we were able to consider both the value the
wider community would place on these records and their value to the business.
Based on this complete picture, each information asset received a value rating on a scale
of 1 (low value - loss would cause little or no impact) to 5 (high value – loss would mean
major political and business embarrassment; loss of entitlement proof for citizens;
inability of government to justify key decisions and undertake critical work, high potential
for litigation or liability on behalf of agency, major failure to comply with legislative or
regulatory requirements).
3. Update documentation:
The <Agency> Information Assets Register has been updated with this information,
including the value ratings, to provide a mechanism for tracking DC progress for future
planning.
3 Appraisal Statement for State Records Required as State Archives, v1.0, February 2015, TAHO,
https://www.informationstrategy.tas.gov.au/Records-Management-
Principles/Document%20Library%20%20Tools/Appraisal%20Statement%20for%20State%20records%20required%20as%2
0State%20Archives.pdf
Expos
ure dr
aft
Digital Continuity Plan Template
Page 12 of 22
4. Assess DC risks of highest value information assets:
Using relevant TAHO and UK National Archives4 published advice, and with support from
the TAHO Collections DC staff, staff from the relevant business unit plus the RIM and IT
teams jointly assessed the DC risks for each of our high value information assets,
including Vital records.
To help identify our DC risks we looked at four risk categories
a. People risks (e.g. poor following of processes, entry of poor quality metadata, lack
of DC understanding)
b. Software application risks (e.g. poor configuration, lack of security, version
changes);
c. Technical risks (e.g. underlying operating system/database changes etc,
proprietary or obsolescent file formats);
d. Media risks (e.g. use of low quality media, existence of unreadable or damaged
storage media).
These DC risk types, including examples of common causes and consequences, are
discussed further in Appendix B.
Some of the DC risks are organisational and apply to all agency information; others relate
to specific information assets. We recorded these in a DC Risk Register, including the
likelihood and urgency of each risk on a high-medium-low scale (as per the agency Risk
Management Framework).
5. Identify potential mitigating actions
Potential mitigations for reducing the likelihood or urgency of each risk were also
brainstormed and recorded.
3.2 Digital Continuity Risk Register
[Insert details of DC risks identified]
Sample text:
See Appendix C for the <Agency> Digital Continuity Risk Register.
4 Information Management Advice 37 – Keeping Digital Records Accessible, v2.0, March 2015, TAHO
Information Management Advice 38 – Information Asset Owners and Digital Continuity, v2.0, March 2015, TAHO
Managing Digital Continuity, UK National Archives online advice, http://www.nationalarchives.gov.uk/information-
management/manage-information/policy-process/digital-continuity/
Expos
ure dr
aft
Digital Continuity Plan Template
Page 13 of 22
4. Digital Continuity Work Plan
4.1 Objectives
[Insert brief statement about what this Plan is trying to achieve, and its timeframe – this needs to be appropriate to where the agency is on the path from just starting to think about DC to being mature in addressing and managing DC risks]
Sample text:
The objectives of this Digital Continuity Plan are to:
a. provide visibility of key DC risks to our most important information assets at
management level.
b. establish a programme of educating staff about DC risks.
c. identify and implement standards and processes that will reduce the likelihood of
increased DC risk in the future.
d. establish how ongoing identification and mitigation of DC risks for high
value/high risk information assets can be managed.
4.2 Prioritisation Approach
[Insert brief statement about how DC risks have been prioritised for action]
Sample text:
In identifying the priority for addressing DC risks the following factors have been weighed:
value of the information (including political and future community interest)
level and urgency of DC risk – if the risk likelihood is both high and imminent then
the priority for action needs to be higher
availability of viable options to address risk – is there anything we can actually do or
is it too late? Is there an acceptable work around?
effort required to address risk - e.g. volume of information, complexity of mitigation,
availability/affordability of required specialist knowledge or equipment, number of
people, other costs. Could this risk be wholly/partially mitigated through a project
already being undertaken (e.g. considering long term digital records as part of
developing a new Retention and Disposal Schedule; ensuring a business project to
digitise customer records uses a scanning process that results in open format files
with good technical metadata to lengthen the timeframe they will be accessible for).
This detail has been added to the DC Risk Register (Appendix C).
Expos
ure dr
aft
Digital Continuity Plan Template
Page 14 of 22
4.3 Roles and Responsibilities
[Insert brief statement about who is responsible for ensuring the continuity of electronic records, and how these roles need to work together]
Sample text:
Role Responsibility
Information Asset
Owner
Overall responsibility for ensuring information asset remains
accessible for as long as required by all who need to use it
Understand DC risks related to their information assets
Provide information about business value and ongoing/future
use
Information
Management (IM)
Manager
Maintain Information Assets Register, including relevant DC
information on each significant information asset
Ongoing education of agency management and staff about DC
risks
Develop DC Plan, in collaboration with Information Asset
Owners and IT Manager
Manage/oversee projects and initiatives approved in DC Plan
Ongoing measurement and reporting of DC KPIs
Information
Technology (IT)
Manager
Understand the DC risks related to information assets
Collaborate with RIM Manager to identify DC priorities and
viable DC risk mitigation actions
Risk and Audit
functions
Understand the DC risks related to information assets
Capture key DC risks into agency Risk Register where
appropriate
Monitor key DC risks over time
RIM & IT staff Increase understanding of DC so can become sources of trusted
advice to agency staff
Understand the DC risks related to information assets
Undertake mitigation activity as required by approved DC Plan
External DC Specialists Provide specialist knowledge, advice, equipment and resources
as required
Government
Information Strategy
Unit, TAHO
Provide DC guidance and standards where appropriate
Connect agency to others tackling similar challenges, to help
develop a community of learning
May be able to provide access to legacy systems/platforms (e.g.
old technology, obsolete operating systems and other software
such as device drivers) in order to retrieve information from
obsolete or unsupported media.
Expos
ure dr
aft
Digital Continuity Plan Template
Page 15 of 22
4.4 Projects and Initiatives
[Insert Workplan of activities to be undertaken to address priority risks. Include indicative timeframe, which may be this year or a longer period (e.g. 1-5 years).]
Sample text:
The Proposed DC Workplan is in Appendix D.
The DC projects and initiatives to be undertaken in the next financial year are those required
to mitigate DC risks noted as High priority in the DC Risk Register.
Actions to mitigate other DC risks have been identified for potential action in years 2-3, but
the DC Plan will be reviewed at least annually and the DC Workplan updated as a result.
5. Required Resources
5.1 Specialist expertise and advice
[Insert details of skills and expertise required, specialist (external) advice, and additional staff resources (e.g. for migration testing, disposal etc) that will be required to undertake this work, above and beyond business-as-usual resourcing.]
Sample text:
RIM staff have some understanding of digital continuity but will need to upskill in
preparation for developing and delivering agency-wide DC training. They will also require
some specialist external advice, which can be provided by TAHO free of charge, or paid for
by major projects where required to support them.
5.2 Specialist equipment and tools
[Insert details of special hardware, software and any other equipment and tools that will be required to undertake this work, above and beyond business-as-usual resourcing.]
Sample text:
To resolve the issue of the EDRMS holding a small number of unknown file types, IT will
need to source and download legacy file format readers, and set these up in a simulated
legacy operating system environment. These may be sourced from the TAHO Collections
team.
If successful this will enable legacy files to be opened and resaved in a more modern format.
Where readers still exist for the problem formats they are readily available free of charge
from the web.
Expos
ure dr
aft
Digital Continuity Plan Template
Page 16 of 22
5.3 Budget
[Insert details of additional costs involved in paying for the above additional resources or need for any other resources (eg additional temporary cloud storage).]
Sample text:
The Proposed DC Workplan assumes that many of the required activities will be completed
as part of business as usual for the IT and RIM teams, or as part of the planned and
separately resourced ABC Register replacement, Cloud Hosting projects.
Cost of contracting the scanner supplier to check and update the configuration of all
scanner devices to ensure DC compatibility = $1,800 (note: assumes can be done as part of
normal maintenance, which will incur some hourly-rate cost but avoid travel/call out
charges).
Cost for contracting DC specialists in XYZ Company to read and recover information off
floppy disks = $2,000 (estimated) – TAHO have indicated they expect to be able to facilitate
our doing this work ourselves by providing appropriate training/support/tools/equipment.
This amount is a contingency in case we are not able to do this work in-house.
6. Key Performance Indicators
[Identify a small range of measures that will demonstrate the value this work has provided – these need to be meaningful to the organisation.]
Sample text:
The following measures have been identified to help identify if we are improving our DC
capability:
Number of files in EDRMS and shared drives with unknown file format (target <100
ongoing)
Number of items of old media (can’t be read) awaiting resolution (target < 30 pa)
% staff able to identify and discuss a DC issue related to their work, and its mitigations
(target 80% by July 2017)
20% increase in staff reporting they are able to find and open the files they need for
their work (annual survey)
% scanned files meeting open file format standards (target 100% by July 2017, then per
annum check)
% (relevant) IM/IT policies/contract templates with DC embedded in them (target 100%
by December 2019)
Coverage of digital records in agency R&D Schedule(s) complete by December 2019
These measures will be reported in the RIM Quarterly Report to the Senior Responsible
Officer (SRO) and Risk Committee, along with progress on delivering the agreed DC
Workplan.
Expos
ure dr
aft
Digital Continuity Plan Template
Page 17 of 22
Appendix A: Generic Responses to Digital Continuity Risks
Generic response Examples of mitigations in this response category For Against
Prevent or reduce
likelihood of digital
loss or degradation
Education to avoid poor practice
Regular testing of recovery processes from backups
Automation to increase good quality capture (e.g. of
technical metadata capture)
Standardisation of file formats
Use of audit trail logging and internal or external audit to
ensure integrity maintained
Adoption of high quality storage media
Replacement of all storage media after maximum 5 years
Planned migration during system replacement
Careful configuration setting in new software and
equipment to ensure appropriate formats created and
metadata captured
Simplest and most cost effective to
prevent problem arising in first place
wherever possible
Cultural resistance to seeing
necessity
Recover from
identified digital
loss or degradation
Recreate records through digitisation, manual entry,
collation of other records etc
Controlled migration to more modern electronic format
If records of high value this may be
the only option, and will at least
partially retain the format and context
information
Recreation may not be possible
if source records do not exist
Cost may be high and process
time consuming
Reduce size of
actual or potential
problem
Identify and remove duplicate, redundant and transitory
digital information
Reduce electronic records held through disposal
Transfer electronic records to another agency (e.g. TAHO)
R&D Schedule not complete or
approved, therefore some digital
information not currently able to be
disposed of
At risk records may still be needed by
the business
Cannot dispose of high value
records
TAHO may not be ready to
accept electronic records
Accept risk of
digital loss or
degradation
Do nothing May be a good option if cost high,
lifespan short, value low, multiple
versions or alternative formats exist)
Not appropriate if high value
and high risk
Expos
ure dr
aft
Digital Continuity Plan Template
Page 18 of 22
Appendix B: Types of Digital Continuity Risk
Risk Category Description Examples of Potential Causes Examples of Potential Consequences Examples of questions asked to identify existence of potential risks in this category
PEOPLE Risks caused by poor process or lack of knowledge/action
Lack of DC awareness Lack of culture of treating record keeping as important Lack of clear standards for naming conventions,
minimum required metadata Lack of DC understanding in RIM Team means they are
unable to spot potential DC risks or advise on appropriate actions
Poorly described records Poorly connected records (to other related
records, wider context information) Records kept in inappropriate places or
formats (e.g. local hard drives, personal USB drives)
DC risks not identified so no remedial or preventative action taken
Have staff attended DC awareness training? Are DC risks and issues considered in all relevant
policies, plans and Risk Registers? Are staff diligent in creating records for this
information asset (or not)? Are there clear standards & guidelines for
minimum metadata and descriptions? Can records be discovered by searching on
common metadata fields? Can records be understood in terms of
identifying their context? Are RIM staff confident in conducting DC risk
workshops with business staff? Is there basic DC advice available on the
Intranet? Are RIM staff confident about providing
responses to DC concerns, or know where they can get help?
SOFTWARE APPLICATIONS
Risks related to applications that are poorly configured during implementation, undergo version changes, lack basic record keeping functionality
Lack of ability to maintain an audit trail of changes to records
Appropriate access security to control who can see/change/delete records not implemented or maintained
Application not configured during implementation to collect quality metadata
Functionality changes introduced during upgrades/version releases result in the potential for loss of important metadata or formatting
Lack of sufficient planning/testing of legacy data migration during implementation of a replacement application results in content or metadata loss
Integrity of records is compromised and they cannot be relied on
Lack of sufficient/quality metadata means context of records cannot be understood
Does this application log minimum metadata about record creation, change, deletion and access right changes?
Does this application allow access groups and the application of access control at record and group/folder level?
Does the application enforce data validation and mandatory entry requirements for minimum metadata?
Does this application manage versions of records and transactions so they can be identified?
Do we have significant volumes of duplicate or temporary information in this application, that has not been disposed of?
Is there a clear standard for metadata and formats of digitised files, and does scanning software conform to this standard?
For applications being upgraded or replaced is there a careful migration plan that accounts for all critical metadata and contents, that RIM staff have had input into?
Do all links and embedded objects still work as
Expos
ure dr
aft
Digital Continuity Plan Template
Page 19 of 22
Risk Category Description Examples of Potential Causes Examples of Potential Consequences Examples of questions asked to identify existence of potential risks in this category
originally intended? Is there any evidence of corrupted
files/databases? Is the information encrypted in this asset and if
so do we have the encryption keys securely stored for future reference?
Does migration testing thoroughly cover all aspects of metadata and format change?
TECHNICAL Risks related to records access being reliant on computer hardware, operating and database software and file formats that over time become obsolescent
Keeping old applications/databases on assumption we will be able to open them again if we need them, without checking that is possible before upgrading servers, operating systems, database management software, display tools and other items the application is dependent on
Lack of old device driver software means obsolete disk drives and other hardware no longer works with the operating system
Use of proprietary (closed) file formats increases likelihood of formats changes over time that we are unaware of
Lack of control over allowable file formats leads to many unrecognisable formats being in use
Records reliant on old hardware or operating/database software no longer able to be accessed
Disk drives, cassettes etc not able to be read because reader device cannot talk to the operating system
Files cannot be opened because formats not recognised
Files in old formats can be opened but lose critical formatting or metadata
Very large variety of file formats or use of uncommon formats makes the time and cost of providing ongoing access when formats change over time prohibitive
Is this application being run on outdated hardware of software?
Is access to old storage devices tested regularly to ensure it still operates (particularly before and after operating system and hardware upgrades)?
Is there an agreed (limited) list of acceptable file formats, and does it include only open formats (e.g. PDF/A, XML etc) or very popular proprietary formats (e.g. Word)?
Does this information asset rely on any formats that are no longer in common use in our organisation? If so is there a clear migration plan in place?
MEDIA Risks related to using low quality media, or to records in existence on unreadable, obsolete, unstructured or damaged media
Lack of DC awareness Storage media is not tracked over time, or is forgotten
about when people move on, so contents are unknown (especially local devices)
Difficult-to-use formal systems mean people resort to holding records on local or temporary digital storage
Poor media handling practices result in damage Lack of continuity planning to enable recovery of
records if media were to fail
Records kept on inappropriate media Poor quality storage devices used Storage devices not carefully managed to
avoid being harmed Storage media fails or is damaged and
records on it are inaccessible; and if no backup exists the records are lost
Have staff attended DC awareness training? Is there evidence of obsolete or damaged media
(e.g. floppy disks, old USBs)? Is there evidence of unlabelled media (i.e.
contents, and therefore value, uncertain)? Is there evidence that staff are holding important
information in emails, local drives, personal devices?
Are high value information assets regularly backed up, and are restores from those backups regularly tested?
Is information being stored in an unstructured way that prevents agency knowledge of their existence or contents?
Expos
ure dr
aft
Digital Continuity Plan Template
Page 20 of 22
Appendix C: Digital Continuity Risk Register NOTE: risk impact is not included as only high value/importance information assets have been assessed (therefore impact is assumed to always be High)
Risk impact assessed as per Agency Risk Management Framework. Where risk impact is unknown (e.g. because contents of files or media is unreadable) risk impact is rated based on business unit input of likely value.
Mitigation approaches: Risk types:
prevent/reduce likelihood people risks (e.g. poor following of processes, poor descriptions or metadata entry)
recover software application risks (eg poor configuration, lack of security, loss during migration, version upgrades)
reduce impact technical risks (eg underlying operating system/database changes, proprietary or obsolescent file formats)
accept media risks (e.g. use of low quality media, existence of unreadable or damaged media)
[Examples should be replaced with details of actual DC risks identified for agency]
Risk Type Risk
No Risk Description Risk
Impact Risk
Urgency Information assets affected
Mitigation approach
Potential Mitigations Effort Level
Effort required to mitigate Priority
People 1 Users aware of DC risks in personal life but don’t translate into potential impact at work; therefore express unwillingness to enter basic metadata, manage removable media carefully, store records in EDRMS etc
M M All user-created information potentially
Reduce RIM - high level sign off of DC Plan, with executive champion to raise importance
RIM – review RIM & IT policies to assess how DC could be embedded in them
RIM - education sessions for all staff, team by team
L-M RIM – business as usual initiative under ongoing RIM training programme
IT – BA and Information Architect review of metadata rules implementation in systems
M - H
Software/ Application
2 Implementation of new ABC Register application in 2020 will require migration of 500,000 customer records; all information must be available in perpetuity but agency only requires information since 2014 for business reasons; some data is of poor quality
H H All customer records in existing system
Prevent/ Reduce
RIM – work with business and IT to identify data that can be disposed of ; ensure appropriate R&D schedule developed if not already in place
Business – define future data quality standard; identify legacy data not at this standard
IT – develop and thoroughly test the data migration plan
RIM - support plan development and business testing
IT – decommission legacy application
RIM – with IT help arrange e-transfer to TAHO of pre-2014 records
H IT – 2 FTE testers for 5 months, as part of PFQ project
IT – developer to write scripts for automated update of poor quality data where possible
RIM – estimated 35 person days across project + 40 person days for e-transfer
Business – estimate 2FTEs for 3 months to cleanse data, test trial migration, test results of real migration
M
Software/ Application
3 EDRMS contains about 300 files with file extensions that are not recognised by today’s software
H M Documents provided by ABC business unit customers for old transactions (> 5 years ago), uncertain exactly what contents are
Recover RIM & IT – work together on identifying a limited range of file formats (preferably open and/or very high use proprietary formats) that will be allowable in future
IT - download legacy application reader software & related operating system (or acquire from TAHO), so that files can be opened and re-saved in a newer format (with some potential loss of internal file format)
L IT – one developer day to locate, install and test legacy software reader
Business – review file contents once saved in new format and revise assessment of value
L
Software/ Application
4 Lack of full coverage of digital records in agency Retention & Disposal Schedule means we are keeping a lot of digital information unnecessarily
M-H M Digital records held in new applications not yet covered by the R&D Schedule
Accept / Reduce
RIM – develop R&D schedule to comprehensively cover digital records
IT / Business – accept cost and complexity of holding more information than we need, for at least the next 3 years
L RIM – part of ongoing business as usual
H
Technical 5 Standard Printers/Scanners throughout Agency are not set up to produce open-format PDF-A files with appropriate technical metadata to support future DC activity
H L All digitise and scanned documents since 2014
Prevent RIM – research, agree and document a DC-appropriate standard set up configuration
IT – arrange for all existing & new devices to be configured to meet this standard asap
RIM – test device outputs to check standard is now met
L RIM – 5 days, working with TAHO & others to develop and document standard configurations
IT – raise Service Desk request to reconfigure devices & oversee contractor onsite
H
Expos
ure dr
aft
Digital Continuity Plan Template
Page 21 of 22
Risk Type Risk No
Risk Description Risk Impact
Risk Urgency
Information assets affected
Mitigation approach
Potential Mitigations Effort Level
Effort required to mitigate Priority
Media 6 XYZ research team has 50 boxes of 3.25” floppy disks; no PC has a floppy disk reader of software to enable access
M H Business believes these contain historic research data on child abuse statistics that would be valuable to add to provide longer timeframe analysis data set
Recover/ Accept
RIM - contract DC specialists in TAHO who have necessary legacy IT equipment to copy contents onto CD for appraisal
Business – accept that not all disks may be readable so contents may be lost
M Cost of 50 CDs (assuming we can do copying in-house, supported by advice and tools from TAHO)
Appraisal – 35 hours by business staff
M
Media 7 Planned agency move in 2018 to cloud hosting for all major databases - it is unclear how our important information will be appropriately protected for DC purposes
H M All agency digital information moved to cloud hosting
Prevent IT – ensure all-of-government standards for cloud hosting will be met by preferred supplier and that contract reflects that
Test the Back Out Plan to ensure if agency needed to return to local or alternative hosting it could successfully recover all its data
M IT – included as part of Cloud Supplier tender evaluation and contract negotiation
RIM – supportive research and advice
H
Expos
ure dr
aft
Digital Continuity Plan Template
Page 22 of 22
Appendix D: Digital Continuity Workplan (Proposed)
Priority (incl
urgency) Effort Initiative
2016/17 2017/18 2018/19
Jul-Sep Oct-Dec Jan -Mar Apr-Jun Jul-Dec Jan-Jun Jul-Dec Jan-Mar Out years ->
High Low Approved DC Plan & executive champion
High Medium DC Awareness training for all staff Design Deliver
Medium Medium Embed DC into all relevant IT policies Review Update / Approve
Medium Medium Embed DC into all relevant RIM policies Review Update / Approve
Medium Medium Identify ABC legacy data for disposal
Medium Low -Med Review ABC coverage in RD& Schedule & update Schedule Review Update R&D Schedule if required
Medium Medium Plan & test ABC data migration plan
Medium High Improve ABC data quality, including key metadata
Medium High Arrange e-transfer of legacy ABC data to TAHO
Medium Medium Decommission old ABC system & delete unrequired data
Low Low Resolve unreadable EDRMS file formats
High Med-High Progressively update all R&D Schedules to cover all digital info
High Low Set/reset scanner configurations for DC Research Implement
Medium Medium Resolve format update or disposal of XYZ floppy disks
High Medium Ensure DC as part of cloud hosting contract
Key – Risk Type Key – team responsible for leading delivery
People Information Technology (IT)
Software / Application Information Management (IM)
Technical Business
Media
Expos
ure dr
aft