This past week I had the pleasure to attend and present at the ARMA Sacramento Chapter’s record knowledge conference. The presentation focused on Trusted Systems and included an abundance of dialogue with audience members regarding how one should go about making an information system “trusted.” After reflecting on the event, I thought it would be helpful to share some of the key highlights for those who were not in attendance.
Where did the concept of Trusted Systems come from?
In 2007, Government Code (GC §12168.7) was amended to expanded its applicability to more government agencies. As part of the amendment the Secretary of State was tasked with creating regulations to help governmental organizations create and maintain authentic, reliable, and useable records, and to project the integrity of those records for as long as needed.
In developing the regulations the Secretary of State relied heavily on existing Association Information and Image Management (AIIM) guidelines to develop the regulations in place today. The primary document referenced in the regulations is the AIIM ARP-1 2009 Recommended Practice Report. While the regulations can be confusing (CCR §22620.1-8) and the AIIM white paper long, there are really only a few things that you need to know.
What do I need to know about Trusted Systems?
- The regulations only apply to “official records” that are stored in an electronic format.
- You must have two copies of each record stored in geographically separate locations.
- You must ensure that at least one copy of the information is written to media that ensures it can’t be altered, typically referred to as WORM
- You must store records as PDF/A or TIFF, but one must exercise caution with TIFF to ensure that your TIFFs are not in a proprietary format. The use of JPG, PNG, or GIFs for storage of photographs is the one exception.
- You need a formal records policy addressing the requirements for a Trusted System, in addition to a records retention schedule.
- Regular audits of the system – typically performed internally under the guidance of the records policy – must be performed to ensure that the system is being properly used and maintained.
- Trusted Systems likely should have been named Trusted Environments because the procedures that are placed around the handling of electronic information are as important as the technical solution.
ECS Imaging, Inc. and Laserfiche have already assisted many California Government Agencies: Counties, Cities, and Special Districts with implementing Trusted Systems and would be happy to share our experiences with you. Contact us for more information.
Photo credit: Freeimages.com – Pzado