https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

issue_20031001


Lost in Cyberspace

Lost in Cyberspace

Lost in Cyberspace An integrated records repository can save critical e-mails from disappearing into an electronic black hole Business processes have
  • Written by Catherine Radwan
  • 29th October 2003

Lost in Cyberspace

An integrated records repository can save critical e-mails from disappearing into an electronic black hole

Business processes have jumped to cyberspace at warp speed. A vast majority of organizations now regularly conduct business transactions via e-mail, cell phone, mobile messaging, wireless PDAs, online discussion forums, Instant Messaging, and peer-to-peer file shar ing. Yet many entiti es that have adopted these new technologies do not have policies and systems in place to control and manage them.

In the recent survey “E-Mail Policies and Practices: An Industry Study,” conducted by AIIM International and Kahn Consulting, Inc. (2003), fully 100 percent of respondents say they use e-mail for business purposes, including highly sensitive transactions and activities with legal and compliance implications, yet 60 percent of the same respondents have no formal policy governing e-mail retention.

E-mail messages, along with other digital documents, become official records when the information they contain directly affects the transaction of business and an organization’s legal obligations. (See sidebar “What IS a ‘record’?,” pg. 27.) As such, e-mail messages and their attachments must be preserved in an unaltered state within an electronic records management (ERM) system that allows the documents to be stored, located, and retrieved during a regulated life cycle.

Just as physical records management, which includes paper documents, microform, and other types of physical evidence, is accepted as sound business practice, the retention of those documents created or received in electronic formats also is essential to carrying out an entity’s mission and complying with industry standards, laws, and government regulations.

However, many IT managers do not fully under-stand that retaining electronic business records goes beyond saving them on a computer. Archiving electronic documents must retain original data integrity, including authenticity, reliability, and usability, so that the records are acceptable as evidence for legal purposes or for transacting business.

Resistance is Futile
Since the Arthur Andersen and Enron failures, new laws and regulations, such as the Sarbanes-Oxley Act, Securities and Exchange Commission Rule 17, and the Health Insurance Portability and Accountability Act among others, have renewed emphasis on entities’ accountability and translate into tight control and retention of electronic communications, including e-mail.

For example, Sarbanes-Oxley defines “records” as including e-mails related to the transaction of business, along with the original content and history. The Act imposes severe penalties if e-mail records are arbitrarily destroyed without a justified retention policy in place.

Faced with the consequences of noncompliance with these regulations, many organizations have taken the position of printing each electronic message and attachment and filing the hard copies into their existing records management systems. Not only does this approach increase storage demands on the physical document repository, but also it can actually compromis e the integr ity of electronic documents by altering their original state.

Storing e-mail records in desktop users’ personal electronic mailbox folders makes the documents inaccessible to other authorized personnel and keeps them outside the formal records management retention system because the e-mails remain under end users’ control to save or delete at will. Too often individual e-mail account size is predetermined by a storage quota, and messages are saved or deleted accordingly.

Backing up the main e-mail server on tape media only preserves messages residing on the system at the time of backup, and does not account for e-mails sent, received, or deleted during the day. Retrieval of messages transferred to backup tape is both difficult and time consuming. (See side-bar “A Cautionary Tale,” below)

E-mail archiving within electronic mail systems is a start, but true archiving means creating permanent copies through a standalone archiving package and saving the indexed, noneditable records in a secondary location or storage area network.

In its white paper “E-Mail Archiving and Records Management,” sponsored by eManage and published in March 2002, Ferris Research, Inc., summarizes, “Organizations must be able to define and retain important records and make them available for audit and other types of access. When users delete e-mail to stay beneath a message store quota, they, and not the organization, make the decisions as to what should be maintained. Administrators, not individuals, need to ensure that e-mails are analyzed, and that appropriate entity assets are identified and retained for future use. ARM [e-mail archiving and records management] technology helps organizations decide what e-mails constitute intellectual property and then ensures that the e-mails are correspondingly classified, stored, and made accessible.”

Charting a Course
The solution to an enterprise-wide records management system for both physical and electronic records in all formats, including e-mail, is an integrated records repository, a central system that standardizes indexing, classification, search and retrieval, tracking, reporting, and disposition of all critical business records according to the organization’s records management policies.

With a central repository, records management software is installed on every desktop, and employees are trained in the entity’s records management/retention policies to know what needs to be saved and how to save it. Desktop users declare and classify electronic documents, including e-mail messages, attachments, and images, as business records into the system for long-term archiving, although copies can be kept on the desktop. Dupl ication of r et ained records is eliminated and data is compressed. An audit trail is created. Multiple users have simultaneous access to the electronic documents over the network with the security administrators granting or restricting access. Because the original documents are not removed from the system they cannot be edited, misfiled, stolen, damaged, or lost.

Prime Directive
Because government entities use e-mail for both internal and external communications, such as memos, discussion, budgetary information, and communications with agencies, civilians, and contractors, the U.S. National Archives and Records Administration (NARA) endorsed the “Design Criteria Standard for Electronic Records Management Software Applications.” The standard DoD 5015.2-STD, created by the Department of Defense and revised in June 2002, establishes baseline definit ions and mandatory funct i onal re qui rements f or r ecor ds management software to be used by all federal agencies to manage electronic records, including those that are classified. (Downloadable versions of the DoD directive as well as additional information about the certif ication process are available through NARA’s Web site; log on to: www.archives.gov/records_management/initiatives/dod_standard_ 5015_2.html.)

The revised standard requires that audit trails and safeguards be incorporated into the records management application’s information architecture to ensure that e-mail and other electronic records remain in their authentic formats to preserve t heir i nt egr i ty a nd evi denti ar y value, that e-mail records contain the real names of senders and addressees, and that the records management system has the ability to retrieve and export e-mail from the records repository.

Furthermore, the value of DoD 5015.2-STD lies in its application to both the public and private sectors, as it defines best practices for electronic records management systems and gives criteria for vendor certification according to the Federal Records Act, Title 36 Code of Fede ral Regul at i ons, and NARA’ s e-Government Electronic Records Management Initiative. Currently more than 40 certified vendors offer

commercial, off-the-shelf software products that comply with the DoD standard for electronic records management. (See sidebar “DoD 5015.2-STD Compliant Vendors of Electronic Records Management (ERM) Software Systems,” pg. 30.)

An organization should implement its records archiving system slowly and in stages, beginning with selecting and installing a basic module, training employees to use it, testing its operability, and solving any problems before moving on to the next phase, until full implementation is achieved.

Back to the Future
According to David Ferris, president of Ferris Research, the e-mail archiving market will reach $200 million in 2003 and grow 50 to 100 percent a year for each of the next four years. As more entities recogni ze the cr iti cal ne ed f or e-mai l archiving and plan to implement integrated records retention systems, they will find vendors ready with certified and compliant technology products that can be tailored to an entity’s size, functions, and organizational needs.

It would be wise to remember that today’s s torage media have their limitations. Magnetic and optical disks degrade over time, application software updates into enhanced versions, and hardware sys tems become obsolete and evolve into new technologies. But the integrity of electronic records must remain independent of hardware or software. Entities should plan for new integrated repository systems that will offer backward compatibility with older media and create a planned conversion schedule that establishes periodic rollovers into updated records management applications to ensure retention of and access to critical business records for as long as they are needed.

A Cautionary Tale
Burst.com, Inc., is suing Microsoft, Inc., the world’s largest software maker, for theft and anticompetitive behavior over Microsoft’s multimedia technology for transmitting movies and sounds on demand over the Internet. The lawsuit, filed in June 2002, accuses the software giant of using ideas Burst shared with Microsoft during unproductive discussions about Burst’s streaming technology and then shutting out potential competitors including Burst through exclusive deals and practices based on Microsoft’s dominance with Windows. Burst says that Microsoft’s Media 9 uses some of Burst ‘s technology. Microsoft denies any wrongdoing. The case is expected to go to trial next year.

Burst claims that many e-mails relating to its meetings with Microsoft from fall 1999 to early 2001 exist but have not been produced as evidence during pretrial discovery. Burst attorney Spencer Hosie contends, “These were e-mails that absolutely undeniably existed once, but for some reason are no longer at Microsoft System.”

In August, U.S. District Judge Frederick Motz in Baltimore ordered that Microsoft must search for any deleted e-mails relating to the discussions. Microsoft attorney John Treece argued at the hearing that “looking for e-mails on file server backup tapes is highly unlikely to be successful, but absolutely certain to be enormously time-consuming and expensive.” Judge Motz called it “a burden of Microsoft’s own making.”

Source: “Microsoft Sued Over Web Movie Technology,” by The Associated Press, published online by The New York Times, www.nytimes.com/aponline/ technology/AP-Microsoft-Burst.html, September 29, 2003.

Tags: ar issue_20031001 mag

Most Recent


  • What’s my truck worth?
    Truck Value VIN Decoding & Make/Year/Model Lookup
  • Lost in Cyberspace
    Calendar of events
    A list of NIGP courses, conferences and webinars for NIGP members held in December 2012 and January 2013.
  • Lost in Cyberspace
    UPPCC new certifications
    The Universal Public Purchasing Certification Council announces that 208 individuals successfully completed the spring 2012 UPPCC certification examinations administered in May 2012.
  • Lost in Cyberspace
    Performance data on the latest certification exams
    The UPPCC has released key performance data from the May 2012 examinations.

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Lost in Cyberspace
    State Fiscal Picture Brightens
  • Product Spotlight: Public Works
  • Are Your Employees Giving You the Silent Treatment
  • Lost in Cyberspace
    Government Contract Awards

White papers


Hand Hygiene: Compliance Matters

23rd May 2022

What it Takes to Build a Winning Esports Program

23rd May 2022

Sixth-Largest US School District Saves Over $500,000 by Utilizing a Cooperative

23rd May 2022
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

Remote alarm notifications add firewall as utilities face mounting threats of cyberattacks dlvr.it/SRB2fd

27th May 2022
AmerCityCounty

10 of America’s most idyllic lakeside communities dlvr.it/SR9yVd

27th May 2022
AmerCityCounty

Infrastructure improvements in cities often feature clean energy or connected technologies dlvr.it/SR6vm8

26th May 2022
AmerCityCounty

Ahead of Surfside condo collapse anniversary, Florida’s legislature approves statewide inspection standards dlvr.it/SR6qL7

26th May 2022
AmerCityCounty

American City & County survey highlights civic engagement priorities in public sector dlvr.it/SR3hMS

25th May 2022
AmerCityCounty

Changing recruitment practices can ease retention challenges dlvr.it/SQzzPt

24th May 2022
AmerCityCounty

EVs are coming in a big way – Will charging infrastructure be ready? dlvr.it/SQzfL1

24th May 2022
AmerCityCounty

Optimizing the 3 stages of RFP creation for faster results | June 16, 2022 at 2 PM ET dlvr.it/SQzV7d

24th May 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X