Security

DEFINITION

Contemporary enterprise-wide information systems typically execute shared or common services that may include inter-process communication, name services, temporary storage allocation, exception handling, role-based access rights, security, backup and business continuity, and directory services, among others. An ISO 14721 conforming digital repository is likely to be part of an information system that may routinely provide some or perhaps all the core security, backup, and business continuity services including firewalls, role-based access rights, data transfer integrity validations, logs for all preservation activities, including failures and anomalies to demonstrate an unbroken chain of custody.

The digital repository does not currently have formal disaster recovery, backups, or firewall procedures in place to protect the security of permanent electronic government records.

Move Up to Level 1:

Review existing protocols with technical staff supporting the systems and servers where permanent electronic records are stored. Identify threats to the integrity, availability, and authenticity of the records and work with IT support staff to identify gaps and develop appropriate procedures for continuity and disaster recovery.

The security of permanent electronic records in the digital repository is protected through disaster recovery procedures.

Move Up to Level 2:

Assess system security and ensure that a firewall is being used to protect data from inappropriate access.

The security of permanent electronic records in the digital repository is protected through comprehensive firewall protection.

Move Up to Level 3:

Develop a role-based access rights management schema to protect digital resources from unauthorized access and work with internal and/or external IT support staff to put in place.

The security of electronic records in the archival digital repository is protected through comprehensive role-based access rights management.

Move Up to Level 4:

The Archives actively monitors security protection processes for the digital repository including disaster recovery operations, firewalls, and access rights to collections. The Archives proactively collaborates with IT support to manage business and technology changes.

The digital repository continuously monitors security protection processes and revises them in response to evolving technology capabilities and changing business requirements.

Sustain Level 4:

The Archives monitors security for its growing digital repository and proactively engages with IT support to respond to evolving changes in technologies and business needs.


HELPFUL HINTS

As state and territorial archives establish and expand their digital repositories for government records and other permanent assets, resources, and coordinated capabilities to ensure a secure and trustworthy infrastructure are critical. In recent years, public sector institutions at all levels have significantly increased security protections on their computer networks to address threats and risks. The COVID-19 pandemic and shift to remote work heightened the need for robust approaches to potential loss of government records and data. It is likely that the Archives/RM unit will find skilled and knowledgeable support from their IT colleagues when addressing security concerns for the digital repository.

Appraisal, transfer, processing, and preservation of electronic records introduces complexity and places increased demands on the interdependencies and interoperability between and among the operations of record producing and record management units of government. As you work to establish a digital repository for permanent electronic government records, protect existing digital collections by reviewing security protocols and access rights on the Archives’ network. Manage access but setting up role-based rules and working with IT support to implement and periodically update as collections and staff change over time.

REMINDER

The CoSA Digital Preservation Capability self-assessment and Level Up Roadmap are based on the DPCMM so there is an assumption that archival institutions seeking to establish trusted digital repositories for permanent electronic government records will conform their operations to the specifications of ISO 14721 and ISO 16363, the de facto standards for the global digital preservation community.