Security

DEFINITION: Contemporary enterprise-wide information systems typically execute a number of shared or common services that may include inter-process communication, name services, temporary storage allocation, exception handling, role based access rights, security, backup and business continuity, and directory services, among others. An ISO 14721/ISO 16363 conforming archival repository is likely to be part of an information system that may routinely provide some or perhaps all of the core security, backup, and business continuity services including firewalls, role based access rights, data transfer integrity validations, logs for all preservation activities, including failures and anomalies to demonstrate an unbroken chain of custody.
 
 Level 0   Currently, the archival repository does not have formal disaster recovery, backups, or firewall procedures in place to protect the security of electronic records.
 Level 1 The security of electronic records in the archival digital repository is protected through disaster recovery procedures.
 Level 2 The security of electronic records in the archival digital repository is protected through a comprehensive firewall protection.
 Level 3 The security of electronic records in the archival digital repository is protected through a comprehensive role based access rights management.
 Level 4 The archival repository continuously monitors security protection processes and revises them in response to evolving technology capabilities and changing business requirements.

 

Resources

Resources associated with the Security Framework element assists with providing background information and useful examples that can be consulted when trying to develop appropriate procedures and policies for a secure environment in which the electronic records are stored. 

Definition

Contemporary enterprise-wide information systems typically execute a number of shared or common services that may include inter-process communication, name services, temporary storage allocation, exception handling, role based access rights, security, backup and business continuity, and directory services, among others. An ISO 14721 conforming archival repository is likely to be part of an information system that may routinely provide some or perhaps all of the core security, backup, and business continuity services including firewalls, role based access rights, data transfer integrity validations, logs for all preservation activities, including failures and anomalies to demonstrate an unbroken chain of custody.

Level 0

The archival repository does not have formal disaster recovery, backups, or firewall procedures in place to protect the security of electronic records.

Move to Level 1: Develop disaster recovery procedures. To do this identify both immediate and not so immediate dangers and develop appropriate responses.

Jump to Level 2: In addition to having a disaster recovery plan in place, ensure that a firewall is being used to protect data from inappropriate access.

Level 1

The security of electronic records in the archival digital repository is protected through disaster recovery procedures. 

Move to Level 2: In addition to having a disaster recovery plan in place, ensure that a firewall is being used to protect data from inappropriate access.

Jump to Level 3:

Level 2

The security of electronic records in the archival digital repository is protected through a comprehensive firewall protection. Firewall Example from Kentucky (link) (hover over text)

Move to Level 3: Include a role based access rights management module to protect digital resources from unauthorized access.

Jump to Level 4: Continuously monitor security protection processes [including disaster recovery, firewalls, and access rights] and revise them in response to evolving technology capabilities and changing business requirements.

Level 3

The security of electronic records in the archival digital repository is protected through a comprehensive role based access rights management. Role based access rights examples (link) (hover over text)

Move to Level 4: Continuously monitor security protection processes [including disaster recovery, firewalls, and access rights] and revise them in response to evolving technology capabilities and changing business requirements.

Level 4

The archival repository continuously monitors security protection processes and revises them in response to evolving technology capabilities and changing business requirements.

Helpful Hints

Addressing Level 3, simple steps to take to protect your digital records include reviewing access to network areas.  Limit access to those who need access to particular areas.  For example, limit access to department folders by department staff.  Or limit access to digital preservation and/or access repositories to only those that MUST have access.  This can be done by setting up role based access.  

More details on the security issues referenced in this Framework element are listed below. 

Disaster Recovery Resources

Firewall Protection

Role Based Access Systems

Get the CoSA News Brief

Stay Connected