Monday, May 11, 2015

ARMA TR 20-2012 Mobile communications and records and information management

Another standard! This one is from ARMA. Again, I was able to use ILL to access it. What's interesting is that this particular document was clearly a digital download that had been printed, bound into some sort of reading collection, then integrated into the lending library's collection. It's like ILL services completely circumvented all the DRM.

Anyways, let see what this thing is all about.



  • It's registered with ANSI.
  • It may complement GARP, ISO 15489, ISO/IEC JTC1, SC27, ISO TC46, SC11
  • Standard intro stuff. Section 3 is about collaborating within the organization. We need to identify stakeholders; determine their responsibilities; we need to build a cross-functional team;
  • We need to develop a training program:
    • It should be tailored to specific users/needs
    • Clear and concise materials
    • Offer multiple opportunities
    • Enforce via executive support
    • Archive materials so people can access it
    • Consider security issues
    • Track results
  • Audit as per ISO 15489 and GARP. Guidance related to an audit is available via ISO/IEC 27006 Information technology -- security techniques -- requirements for bodies providing audit and certification of information security management systems
  • Section 4 talks about IG and mobile.
  • We need policy.
  • Apply GARP and ISO/IEC 27002 Information technology -- security techniques -- code of practice for information security management: accountability, integrity, protection, compliance, availability, retention, disposition, transparency.
  • You need security for integrity and ediscovery. Consider: authentication/firewalls; encryption; wi-fi; passowrds; software applications; sabotage/espionage
  • Update software and keep on audit trail
  • Appendix A has a BYOD checklist
  • Consider disposal
  • Risk mitigation is important
  • Section 5 is about using mobile technology. Consider:
    • Flash drives, netbooks, laptops, etc.
    • Mobile phones and tablets
    • Bluetooth
    • GPS due to PII constraints
    • NFC
  • Manage the environment:
    • Mobile Device Management (MDM): track lost devices; remote wipe; remote lock; remote upgrade/patch; inventory tracking; limit activities (roaming); conduct audits; PIN-to-PIN for emergency communication
    • Application Management
    • RIM in the Cloud -- Guideline for Outsourcing Records Storage to the Cloud
  • Mitigating risk -- password management; identifying unauthorized users and mitigating risk (lock devices, report when stolen, manage access points); protect most sensitive information; manage business continuity





0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home