Core Competency H: Be conversant with current information technologies and best practices relating to records preservation and security.
What do you understand this competency to mean?
A critical element of recordkeeping is ensuring that records are preserved using best archival practices, and that security measures are enacted to ensure their safety. It is the responsibility of the archivist or records manager to enforce security measures in their facility and to ensure that efficient preservation activities are performed by all members of their staff, as well as any volunteers or interns.
Records preservation is critical to the function of recordkeeping – preservation is, in essence, the point of maintaining an archive or records repository. Failure to preserve records in an archive is a contradiction of the profession of archivist. Therefore, it is crucial that archivists and records managers engage in extensive, effective records preservation activities that will ensure the survival of the records under their jurisdiction. Records preservation is a multi-faceted discipline that relies on the implementation of and adherence to a variety of programs and policies that will ensure the best care of records.
Elements of records preservation can include proper processing methods, maintaining the right environment for promoting preservation, access policies and procedures, and effective retention policies. During processing – when an archival collection undergoes arrangement, re-housing, and description – it is imperative that the processing archivist also engages in preservation activities to ensure that the collection is stored in its best possible condition. This requires the removal of metal staples or paperclips that can damage paper with rust residue; the removal of rubber bands, which can disintegrate as well as crease materials; make sure that any newspaper clippings included are either photocopied and discarded or interleafed to reduce the possibility of acid staining; and the flattening of any folded documents. Archival-quality acid-free boxes, cartons, folders, and photograph sleeves should be used to reduce acid-induced damage and deterioration.
The facility itself should be outfitted for the adequate preservation of archival materials. Records storage rooms should be temperature controlled to reduce the risk of humidity-induced damage, fire extinguishing systems should be installed, boxes and cartons should be stored on secure shelving, and access should be restricted to authorized personnel only. An emergency plan should be implemented, and all staff should be trained in the emergency procedures. This emergency plan should include procedures for salvaging records damaged by water or fire, where to relocate collections should the facility be compromised by water or fire damage, and any businesses that specialize in treating water-damaging materials that can be called in to help in the event of a catastrophic event.
Retention policies can fall under the preservation category due to the space limitations that archives frequently face. If an archive or records center is retaining records that should have been destroyed as set forth in a retention schedule, then valuable space is being wasted. This wasted space could be used for records with current or inherent values. It is important for archivists to adhere to retention schedules and retention policies in order to ensure the preservation of records with real values. Spending time and resources on records with no enduring value or records whose usefulness has expired according to the retention schedule can be detrimental to preservation efforts.
Records preservation as applied to electronic records requires the use of the most current archival software. Archivists and records managers should keep themselves updated with regards to emerging technologies that will allow them to manage their electronic records and web-based collections. Information technologies designed for specific archival applications such as eDiscovery and Past Perfect allow archivists to manage their records electronically, as well as control and store digital-born records.
Access is a concern for both records preservation and records security. Archival storage facilities should be kept secure by prohibiting access to unauthorized parties. Maintaining secure access to archival collections can ensure their preservation through the reduction of opportunities for theft or vandalism. It is also imperative that access be controlled in reading rooms where archival collections are handled by archive or library patrons. Purses or bags should be prohibited from reading room areas, sign-in sheets must be required for use, and the handling of original documents should be limited. Copies of originals are ideal for high traffic usage to ensure their preservation.
The security of records should address both internal and external threats, as well as cyber threats. Security programs should address multiple types of threats, both natural and human, internal and external. As Michael Whitman and Herbert Mattord write in Principles of Information Security, “achieving the appropriate level of security for an organization…requires a multifaceted system,” including physical, personnel, network, and information security (Whitman and Mattord, 2012). By addressing multiple layers of security issues, an all-encompassing security program can be created with special attention to records-management-specific threats.
Internal threats can manifest themselves in both natural and man-made forms, such as accidental fire, water damage resulting from fire extinguishing, arson, the neglect of proper operating procedures, and theft. When an employee fails to conform to best practices as set forth by the facility’s procedures, records can be in danger – either from poor processing practices during which records are damaged or preservation activities are not carried out; leaving patrons unsupervised with archival materials, thereby contributing to an opportunity for theft or vandalism; or by failing to follow security protocols regarding access, both physical and web-based.
External threats can also arise in natural or human form. Archives or records centers may be at risk for damage from natural disasters such as flooding, earthquakes, or tornados, depending on their regional location. Emergency plans, as mentioned earlier, can help archive employees to prepare for these events and make sure that precautions are taken to ensure the preservation of the archive’s collections. Theft and vandalism are external threats that must be addressed through an archive’s security program. Doors should have adequate locking mechanisms to prevent and deter break-ins, and security systems with alarms and cameras should be installed when feasible.
A comprehensive security program is served best by implementing information governance policies. Information governance can protect information from potential security breaches, particularly in the realm of electronic records and web-based information technologies used for archival storage and records management. In order to preserve and secure records, it is critical that the archivist or records manager understands the potential risks. Having the foresight to prepare for a variety of threats to the preservation and security of one’s records acts as a safeguard in itself – as the old saying goes, forewarned is forearmed.
What course assignments or other work products are you submitting as evidence of your mastery of this competency? Which source or class is your evidence drawn from?
To demonstrate my mastery of this competency, I have chosen three samples of work: two from MARA 284: Information Assurance, and one from MARA 284: Information Governance. All three samples are analytical essays, but each provides specific evidence of my mastery of the multiple elements of this competency.
Why did you select these particular work products as evidence for your mastery of this competency? How do your selections show not simply learning but also application?
- MARA 284: Information Assurance: Analytical Essay 1
This paper, titled Infected USB Thumb Drives, addresses information technologies and potential threats to records and demonstrates my comprehension of the necessity for strident security precautions for information technologies used in archival applications and the ramifications of failing to do so. Emerging information technologies can make many aspects of records management more efficient, including preservation, organization, retrieval, and access. But there are threats lurking in these web-based programs that can cripple an archive or records center. In my paper I have discussed the possibility of accidentally introducing viruses and malware into a computer system through the use of corrupted USB drives, also known as thumb drives or flash drives. These thumb drives are small and convenient personal devices used for storing small amounts of documents, photographs, videos, and electronic data. They can also serve as vehicles for hackers seeking to use unsuspecting individuals to transfer malware from an infected thumb drive to any computer that thumb drive is plugged into.
It is necessary that security procedures and protocols be in place that will protect not only an archive’s physical holdings but their electronic holdings as well. This can be done by prohibiting employees from using personal devices – including thumb drives – on work computers. Security software should be kept up-to-date and security scans should be run in order to detect viruses before they can damage or steal any records in their databases.
2. MARA 284: Information Assurance: Analytical Essay 3
Preserving records means taking a proactive approach to ensuring that records are processed, maintained, and stored in the best possible conditions, and being prepared for any deviations from the policies and programs put in place to protect them. This paper for MARA 284: Information Assurance discusses the National Archives’ disaster response and recovery plans and the types of programs they have in place for a variety of threats arising from natural disasters. Records preservation and security are often entwined, and it is evident through NARA’s disaster response and recovery plan that preparing for disasters requires considerations for both of these elements of records management.
In this paper I discuss the potential threats and the corresponding responses to them, and what NARA’s best practices are for recovering after the infliction of damage from water or fire. Water damage is one of greatest threats, since water damage can also be inflicted as a result of fire – extinguishing a fire in an archive can be as destructive as fire itself. It is critical for an archive to be prepared to take swift action to rescue its records from water damage, and be well versed in methods of recovery. For example, if something cannot be cared for immediately, then it is best to freeze that item until it can be dried out under the supervision of a preservation professional with the proper tools and techniques rather than on its own, when it could suffer further damage.
I’ve concluded this paper with several assertions regarding the National Archive’s disaster recovery plan’s failure to address theft and vandalism. Overlooking damages inflicted through human activity would be a mistake. Preserving records requires the acknowledgement of all potential threats and the clarity to take precautions against them before they have had the opportunity to inflict any damage.
3. MARA 284: Information Governance: Analytical Essay 1
This analytical essay outlines the potential magnitude of damage inflicted when information security is neglected. Through the implementation of an information governance policy, a records center, archive, or any facility that stores or maintains sensitive information, can protect its records from theft and unauthorized dissemination. This paper is my evidence of a complete understanding of the importance of implementing and adhering to an information governance program and the potential damage incurred if information governance is neglected.
Securing archival collections is dependent upon the implementation of programs and policies that set forth procedures for specific situations. The responsibilities of all involved parties must be clearly defined; all employees, even volunteers, must be made aware of the importance of their participation with security procedures. The more involved staff members are, the more likely they are to follow proper procedures. Accountability is just one major element of an effective information governance program, but it can eliminate the potential for data breaches due to employee error. Information governance programs can also cover requirements for data security software – failure to comply with security software updates can result in major data breaches.
What have you learned?
It is the archivists’ responsibility to make themselves aware of all hazards that pose risks to the archive’s holdings and to take all necessary measures to protect the archive from these potential hazards. Security and preservation are often entwined, and should be approached as equal in terms of importance to the survival of an archival collection – preservation measures are useless if the security of the collection is neglected, and the same is true for the opposite.
There are opportunities for preservation activities in a variety of archival functions: the removal of metal staples and paperclips from documents during processing reduces the risk for rust damage and tears, and following a retention schedule can ensure that storage space and resources aren’t wasted when valuable records are awaiting attention and proper maintenance. Preservation relies heavily on the physical storage location – archival collections should be housed in temperature controlled rooms that are locked to prevent unauthorized access.
Access should be addressed as both a preservation concern and a security issue. Stipulations of access – such as enforcing reading room rules that dictate that patrons wear gloves to handle sensitive documents or only handle copies rather than originals – can aid in the preservation of archival materials that are highly sensitive and subject to deterioration due to frequent or improper handling. Security precautions – such as forbidding bringing purses or bags into the reading room or installing locking devices on doors to archive storage rooms – also preserve records by ensuring their safety and reducing the risk for theft or vandalism.
The physical and the metaphysical – in this case, the vast intangibleness of the internet – are equally important in terms of archival preservation and security. The introduction of information technologies that have been tailored to suit the needs of records management functions should be secured using anti-virus software and reinforcing security policies that control the use of electronic devices. Information technologies present advantages and risks for records preservation and records security: records can be described, managed, and made accessible relatively simply using database software designed for archival applications, but the risk of data breaches and malware poses a major concern for the security of electronic records. Implementing efficient programs and policies can help control risks to records preservation and security, such as information governance programs, which address employee responsibilities, accountability, and information security.
Implementing efficient and comprehensive preservation procedures and security programs can ensure the future of an archive and its collections. It is the responsibility of an archivist to ensure that they do all they can to preserve their collections and guarantee that strident security precautions are taken to protect those collections. Taking advantage of emerging information technologies and employing best practices in their archive will aid archivists in their quest to preserve and secure archival collections for future generations.
Whitman, M.E. and Mattord, H.J. (2012). Principles of information security. Course Technology: Boston, MA.