Recordkeeping Standards Analysis of HealthConnect

Size: px
Start display at page:

Download "Recordkeeping Standards Analysis of HealthConnect"

Transcription

1 Recordkeeping Standards Analysis of HealthConnect Electronic Health Records: Achieving an Effective and Ethical Legal and Recordkeeping Framework Australian Research Council Discovery Grant, DP School of Law Deakin University, School of Information Management and Systems Faculty of Information Technology and Faculty of Law Monash University, Australia Barbara Reed For: Caulfield School of Information Technology Monash University June 2005 Report on Recordkeeping Standards Analysis June

2 1. Introduction This report represents the conclusions of a major analysis of the requirements of the HealthConnect Business Architecture. This analysis has been used to support a number of products for the research team. This report presents the conclusions in relation to the extent to which recordkeeping best practice is reflected in the specification of the Health Connect business requirements. 1 The conclusions presented in this report are supported by: Statistical occurrence of requirements in HC processes HealthConnect project analysis spreadsheet 2. Recordkeeping Standards used The key industry standards used for the analysis were: Interpares Project Requirements for Assessing and Maintaining the Authenticity of Electronic Records, 2001 ISO 15489, International Standard on Records Management, Parts 1 and ISO 23081, Records Management Processes Metadata for Records, Part 1 Principles These industry standards are seen as the most authoritative statements of recordkeeping currently available. They are complementary; the international standard focussing on principles and processes required for good recordkeeping, while the Interpares Benchmarks and Baseline Requirements provide particular statements of characteristics to be sought in relation to assertions of authenticity of electronic records. 2.1 Interpares Project Authenticity Taskforce Requirements The Interpares project devised two sets of criteria: The Benchmark Requirements Supporting the Presumption of Authenticity of Electronic Records, devised to test the presumption of authenticity of records belonging to the creator of the records in their current electronic systems. The Baseline Requirements for the Production of Authentic Copies of Electronic Records, devised to support assertions of authenticity once 1 This analysis, initially conducted using the Business Case System process specification version 0.7, March One of the frustrations of this research project was the complexity, and the continuously evolving nature of the documentation of the HealthConnect system. The initial analysis was updated to reflect the Business Architecture released as Volume 3.6 of the HealthConnect Interim Research Reports, April The final analysis was completed using HealthConnect Business Architecture Version 1.9, Specification of HealthConnect Business Requirements, This constant need to update and revisit work through three versions of complex documents impeded the progress of the project. Report on Recordkeeping Standards Analysis June

3 the records have been removed from the creating environment, thus creating copies of the original records. The Interpares Benchmark requirements are used to support assertions of authenticity in an electronic environment. A presumption of authenticity is an inference that is drawn from known facts about the manner in which a record has been created and maintained.a presumption of authenticity will be based upon the number of requirements that have been met, and the degree to which each has been met. The requirements are, therefore, cumulative: the higher the number of satisfied requirements, and the greater the degree to which an individual requirement has been satisfied, the stronger the presumption of authenticity. 2 For continued assertions of authenticity of electronic records where they have been removed from the originating environment, the Interpares project states that all of the requirements included in the Baseline requirements must be met ISO 15489, Records Management ISO is not a compliance standard. It therefore has no explicit criteria embedded into its provisions to assert whether something has passed or failed its requirements. It outlines best practice for recordkeeping, including the environment of recordkeeping in an organisation. It outlines the processes required for reliable and authentic records in any media. Part 2 expands upon the principles and processes outlined in Part 1 of the Standard with more practical guidance. 2.3 ISO 23081, Records Management Processes Metadata for Records ISO is not a compliance standard. It therefore has no explicit criteria embedded into its provisions to assert whether something has passed or failed its requirements. It is a best practice standard which takes a process oriented view of records metadata and its accrual during the records processes. 3. Methodology The purpose of this part of the project was to analyse how well recordkeeping concerns and requirements were incorporated into HealthConnect. A significant amount of information discussing particular issues was released in the Interim Research Reports (dated April 2003, published on the web August 2003). However most of this information was at a policy and discussion level. To enable this project to grasp the vision of how and where the system was to 2 Interpares Project Authenticity Taskforce Requirements for Assessing and Maintaining the Authenticity of Electronic Records section The Presumption of Authenticity, October Ibid, section Report on Recordkeeping Standards Analysis June

4 be implemented, we needed to work with documents that defined the processes intended to support the operation of HealthConnect. From the process descriptions and the functional requirements we could derive and comment on recordkeeping requirements. As indicated above, the process descriptions were extracted from three documents over the time of the project. These were incorporated into a spreadsheet. Included in this were also further sections from the Business Requirements document that identified Health Records System Specifications and HealthConnect Service definitions. From these sources derived recordkeeping requirements were developed 4. These were verified by peer review 5. From this initial analysis a number of avenues of analysis were pursued. For the purpose of this report, the most relevant is the mapping of requirements from the recordkeeping standards identified above. Each process description and derived recordkeeping requirement was analysed to assess which, if any, recordkeeping standard requirement was relevant to the process. Every attempt has been made to be consistent in the analysis, but it was undertaken from published documents and subject to discretionary interpretations. The results should be taken as indicative rather than exhaustive. 4. Analysis 666 instances were found where recordkeeping standards could be mapped to the business process being described in the 96 Business Requirements for HealthConnect (Processes A1 to M5) or the Health Connect Records Systems Requirements (which provided a system view of processes J and K) and HealthConnect Services Requirements. The mappings were done to sections within the recordkeeping standards. For many of the business processes being described multiple sections of the recordkeeping standards were identified as being applicable. For some processes, it was not possible to find an appropriate recordkeeping standard. 4.1 Interpares Authenticity Benchmarks and Baseline Requirements Benchmark Requirements Of the possible 8 Interpares Benchmark requirements, mappings were made through the analysis to all 8 of the requirements as detailed in Table 1, indicating that issues were addressed. 4 Initial analysis was undertaken by Barbara Reed, a Research Associate for the project 5 Peer review was undertaken by Dr Livia Iacovino, a Principal Researcher for the project and Mr Hans Hofman, an international Research Associate for the project, with specialized knowledge of data modeling and electronic recordkeeping. Report on Recordkeeping Standards Analysis June

5 Table 1: Instances of mappings made to Interpares Benchmark Requirements Interpares Benchmark Requirement No Summary of Requirement issue Instances of mapping A5 Documentary form 35 36% A2 Access 31 32% A6 Authentication 23 23% A8 Documentation at removal or transfer 8 8% A4 Protective Procedures - integrity over changes 8 8% media and technology A3 Protective Procedures - corruption of records 8 8% A1 Integrity 4 4% A7 Authoritative record - multiple copies 1 1% Percentage against available 96 processes and specifications As indicated above, the benchmarks are used to weigh statements of authenticity in the creating environment. The percentage figures indicate the relative presence of these requirements against the process definitions and specifications mapped. These percentages are to be treated with some caution, as not every process definition or specification will be relevant to the specific Interpares Benchmark issue. They do, however, provide sufficient basis for an indicative assessment. Using the stated criteria for use of the benchmarks, we can make some general assessments of the degree to which authenticity can be asserted. That is a presumption of authenticity will be based upon the number of requirements that have been met and the degree to which each has been met. The requirements are, therefore, cumulative: the higher the number of satisfied requirements and the greater the degree to which an individual requirement has been satisfied, the stronger the presumption of authenticity. The following assertions are then made: That issues of documentary form, access and authentication are potentially adequately addressed in the HealthConnect specifications That the remainder of the requirements probably fall short of sufficient to be able to assert authenticity. The ability of each of the Interpares Benchmark requirements to be mapped at least to some requirements in the HealthConnect specification indicate that the HealthConnect system should be able to accommodate the requirements. That the developers of the HealthConnect specifications should use the Interpares Benchmark requirements to further incorporate the requirements to enable a much more robust assertion of authenticity Baseline Requirements The Baseline Requirements outline minimum conditions necessary to enable the preserver to attest to the authenticity of copies of inactive electronic records. Report on Recordkeeping Standards Analysis June

6 The Baseline Requirements build in a set of presumptions about recordkeeping that are not necessarily suited for application in a cross organisational networked electronic system. Rather the presumption is that electronic records are being removed from the creator s system into another s system who is known as the preserver. None the less, while the language and angle of the Baseline Requirements is somewhat different, the requirements that are specified should be valid for a system like HealthConnect where records are being transmitted and stored in locations away from the originating system (ie in designated Health Record Systems or in the National Data Store under the aegis of the HealthConnect governing body, either or both being different to the creator s system that of the individual practitioner or health care provider). The Baseline requirements then address three areas B1- Controls over Records Transfer, Maintenance and Reproduction B2 Documentation of Reproduction Process and its Effects B3 Archival Description It would be anticipated that a match would be found between B1 and B2 and the HealthConnect specifications. Notwithstanding the statement in the Interpares Authenticity report, that all the requirements in the Baseline requirements must be met before the preserver can attest to the authenticity of electronic records in its custody, for HealthConnect and the purposes to which the analysis is being put here, we would assert that a robust degree of correspondence between requirements B1 and B2 would meet authenticity requirements. Of the three requirements, B1 has 3 subsections and B2 4 subsections. The findings detailed in Table 2 below were that mappings could only be found against B1, although 2 parts of the B1 requirement. Table 2: Instances of mappings made to Interpares Baseline Requirements Interpares Benchmark Requirement No Summary of Requirement issue Instances of mapping B1 Records Transfer 19 B1b Records Transmission % Percentage against available 96 processes and specifications Thus we can assert that the HealthConnect specification would not meet the Interpares Baseline requirements for authenticity. Although, given that the Baseline requirements have been taken into a different context it is not unrealistic to assert that the findings above indicate that the HealthConnect system architecture could probably meet the requirements. Report on Recordkeeping Standards Analysis June

7 4.2 ISO 15489, Records Management Standard ISO consists of 10 major clauses. Within each of the 10 clauses further sub clauses are identified. The mapping has been done to the sub clause level. Table 3: Instances of mappings made to ISO Records Management Standard ISO Clause No Summary of content of Section Instances of mapping 6.1 Policy and Responsibilities - General 1 1% 6.2 Policy and Responsibilities - Policy 1 1% 6.3 Policy and Responsibilities - Responsibilities 1 1% 7.1 Principles of records management programs 1 1% Reliability 1 1% Integrity 1 1% 8.1 Design and Implementation of a records system 1 1% General Documenting records transactions 37 38% Physical storage medium and protection 1 1% Distributed Management 15 16% Access, retrieval and use 1 1% 8.4 Design and Implementation Methodology 3 3% Requirements for records capture 9.1 Determining which documents to be captured into a 8 8% records system 9.2 Determining how long to retain records 3 3% 9.4 Registration 8 8% 9.5 Classification 2 2% 9.6 Storage and handling 6 6% 9.7 Access 18 19% 9.8 Tracking 3 3% 9.9 Implementing disposition 1 1% 10 compliance monitoring 6 6% Percentage against available 96 processes and specifications Clauses 1-5 of the ISO 1489 are introductory clauses covering scope, references, terms and definitions, benefits of records management and regulatory environment. Therefore it is not surprising to find no direct mappings against these clauses. Of more concern is the inability to find appropriate mappings for records characteristics such as authenticity and useability (ISO 15489, and 7.2.5), with minimal mappings for authenticity and reliability (ISO 15489, and 7.2.4). Similarly the absence of any mappings to records system characteristics of reliability and integrity are of concern (ISO 15489, and 8.2.3). These critical recordkeeping characteristics will determine trust and robustness of the system. Very minimal mappings were able to be made for every one of the recordkeeping processes outlined in clause 9 of the ISO standard, indicating that they are of relevance to the HealthConnect system. However the scarcity of the mappings is of concern. This finding provides support to the assertion that HealthConnect, despite being an electronic records system, does not incorporate recordkeeping requirements into the business requirements to an adequate degree. Report on Recordkeeping Standards Analysis June

8 Of the matters dealt with at a reasonable level of mapping, three are clearly more adequately addressed than others. These are: Issues relevant to documenting records transactions (37 instances) Matters concerned with access (18 instances) Issues about distributed management (15 instances) It is not surprising to find these issues receiving relative prominence in the HealthConnect specifications. A considerable degree of attention in the documentation has been focussed upon ensuring an audit trail detailing every instance of access to a particular health record is retained. From a recordkeeping perspective an audit log is an inadequate record for such purpose, being only a portion of the events that take place on the record. ISO Records Management Part 2, Technical Specification HealthConnect requirements were mapped to ISO where a more adequate or precise representation of the issue could be identified in that part of the standard. The analysis therefore complements the analysis of ISO detailed above. Table 4: Instances of mappings made to detailed requirements in ISO Records Management Standard Technical specification ISO Clause No Summary of content of Section Instances of mapping 3.2 Design and implementation of records system 1 1% Access 18 19% Access 19 20% Registration 2 2% Disaster recovery 10 10% Backup, disaster recovery 8 8% Access 28 29% Percentage against available 96 processes and specifications In the mappings to specific issues within the technical specification, two issues were clearly the most prominent: access (consolidated 65 instances) backup and disaster recovery (consolidated 18 instances) HealthConnect is particularly concerned with issues of access, access restrictions and appropriate access controls. The prevalence of mapping to these concerns which are shared by recordkeeping professionals is not surprising. Report on Recordkeeping Standards Analysis June

9 Similarly, the HealthConnect system is a complex distributed networked system and attention to the backup and disaster recovery provisions is an expected finding. The absence of this set of functionality would have been a concern. The major conclusions from this analysis of Parts 1 and 2 of the ISO are: That the process of access control is the most completely articulated and detailed recordkeeping issue addressed in the Business Specification. That the absence of details in the Business Specifications dealing with appropriate recordkeeping processes beyond that of access control is of significant concern. That the capacity to find an appropriate linkage within the HealthConnect Business Specifications to the recordkeeping standards indicates that it would be possible to enhance the Specification to encompass such concerns. ISO 23081, Records Management Processes Metadata for Records, Part 1 - Principles This standard details principles on which records metadata should be designed to meet the requirements outlined in ISO The standards are therefore quite closely linked and one would expect a degree of congruence in the mappings possible. The ISO outlines at minimum three contextual metadata entities required for appropriate recordkeeping people, business and agents, and focuses on metadata created at the point of records capture as well as metadata accruing through the management processes. The conclusions of the mappings are included in Table 5. Table 5: Instances of mappings made to detailed requirements in ISO Records Management Processes Metadata for Records ISO Clause No Summary of content of Section Instances of mapping Creating and maintaining structures for managing 6 6% metadata Documenting and enforcing standard definitions 6 6% Storage of metadata 6 6% Access to metadata 10 10% Backup, disaster recovery 2 2% Authenticity and fixity of metadata 6 6% 8.4 Metadata Structures 3 3% Creating and maintaining metadata 8 8% Documenting and enforcing standard definitions 6 6% changes to metadata 8 8% Agent metadata: Process metadata after record 1 1% capture: 9.5 audit trails - fixity 26 27% Agent metadata 6 6% Agent metadata 1 1% access 47 49% 10.4 Agent metadata 1 1% access 18 19% records about records 3 3% Percentage against available 96 processes and specifications Report on Recordkeeping Standards Analysis June

10 The summary of the content of the sections indicates that a number of issues are addressed in different parts of the standard (for example agent metadata is addressed in a number of different sections). If we consolidate this by issue rather than by section number, we see the clear emphasis deriving from this mapping. Table 6: Consolidation of content of sections of ISO Records Management Processes Metadata for Records Summary of content of Section Instances of mapping Access; Access to metadata 75 78% Authenticity and fixity of metadata; audit trails 43 45% Documenting and enforcing standard definitions 12 13% Agent metadata 9 9% Creating and maintaining metadata 8 8% Creating and maintaining structures for managing 6 6% metadata Storage of metadata 6 6% Metadata Structures 3 3% Backup, disaster recovery 2 2% Percentage against available 96 processes and specifications These findings are consistent with the assessment of the records management standards: That access is by far the most detailed records process defined in the Business Specification That attention to maintaining an audit log of transactions, particularly those relevant to access is clearly identifiable in the Business Specification In addition the following conclusions can be drawn: That the HealthConnect Business Specification adequately addresses requirements for managing metadata, metadata templates and consistent use of standard definitions. That the Specifications focus some attention on metadata about agents, consistent with the emphasis on access (for identification and authentication purposes) That the Specification contains less clear references to metadata about records (although this is to an extent covered in the requirements for templates defining documentary forms such as event summaries) That the Specification contains no references to metadata about business processes or actions being undertaken General conclusions If we consolidate the analysis and look across the three standards used for mapping purposes, it is clear that the HealthConnect specifications address 2 areas most prominently. These are access (with a consolidated 194 Report on Recordkeeping Standards Analysis June

11 instances across the records standards), followed by specifications to maintain an audit trail of transactions (with a consolidated 80 instances across the records standards). The conclusions made in the analysis of recordkeeping standards, detailed above, are as follows: That issues of documentary form, access and authentication are potentially adequately addressed in the HealthConnect specifications That the remainder of the requirements probably fall short of sufficient to be able to assert authenticity. The ability of each of the Interpares Benchmark requirements to be mapped at least to some requirements in the HealthConnect specification indicate that the HealthConnect system should be able to accommodate the requirements. That the developers of the HealthConnect specifications should use the Interpares Benchmark requirements to further incorporate the requirements to enable a much more robust assertion of authenticity. that the HealthConnect specification would not meet the Interpares Baseline requirements for authenticity That the process of access control is the most completely articulated and detailed recordkeeping issue addressed in the Business Specification. That the absence of details in the Business Specifications dealing with appropriate recordkeeping processes beyond that of access control is of significant concern. That the capacity to find an appropriate linkage within the HealthConnect Business Specifications to the recordkeeping standards indicates that it would be possible to enhance the Specification to encompass such concerns. That the HealthConnect Business Specification adequately addresses requirements for managing metadata, metadata templates and consistent use of standard definitions. That the Specifications focus some attention on metadata about agents, consistent with the emphasis on access (for identification and authentication purposes). That the Specification contains less clear references to metadata about records (although this is to an extent covered in the requirements for templates defining documentary forms such as event summaries). That the Specification contains no references to metadata about business processes or actions being undertaken. Generalising from these specific findings, the conclusion of the analysis of recordkeeping standards are: That recordkeeping processes and requirements outlined in industry standards should be far more prominent in the specification of functionality of the HealthConnect system. Report on Recordkeeping Standards Analysis June

12 HealthConnect Business Specifications require augmentation to include these recordkeeping processes and requirements. That the strong articulation of the access processes is consistent with the clear business focus of HealthConnect, but that this is only one of the critical recordkeeping processes that need to be incorporated That attention to audit and data recovery/backup reinforce the hypothesis that HealthConnect is approaching systems design from a data management perspective that is lacking a clear understanding or incorporation of recordkeeping understanding. That lack of attention to these requirements may compromise the authenticity, reliability and integrity of the HealthConnect system. Report on Recordkeeping Standards Analysis June

The InterPARES Glossary

The InterPARES Glossary The InterPARES Glossary A controlled vocabulary of terms used in the InterPARES Project No.2 Vol. 1 January 1, 2002 University of British Columbia. Vancouver, Canada. The InterPARES Glossary action The

More information

The InterPARES Glossary

The InterPARES Glossary The InterPARES Glossary December 2001 Glossary action The conscious exercise of will by an officer of the records creator or by an external person aimed to create, maintain, modify or extinguish situations.

More information

Description Cross-domain Task Force Research Design Statement

Description Cross-domain Task Force Research Design Statement Description Cross-domain Task Force Research Design Statement Revised 8 November 2004 This document outlines the research design to be followed by the Description Cross-domain Task Force (DTF) of InterPARES

More information

Description Cross Domain - Metadata Schema Registry Presentation to ISO Working Group Sydney, 2 November 2004

Description Cross Domain - Metadata Schema Registry Presentation to ISO Working Group Sydney, 2 November 2004 Description Cross Domain - Metadata Schema Registry Presentation to ISO 23081 Working Group Sydney, 2 November 2004 Outline InterPARES 2 Description Cross Domain Metadata Schema Registry Status of prototype

More information

Bridging the divide: from theory to practice

Bridging the divide: from theory to practice Bridging the divide: from theory to practice Luciana Duranti Modern office Hybrid documentary systems Digital environments that support the manipulation of data Proprietary and idiosyncratic nature of

More information

Electronic Records Management the role of TNA. Richard Blake Head of the Records Management Advisory Service

Electronic Records Management the role of TNA. Richard Blake Head of the Records Management Advisory Service Electronic Records Management the role of TNA Richard Blake Head of the Records Management Advisory Service What records management has to address Accountability & records as evidence Standards & controls

More information

ISO Information and documentation Digital records conversion and migration process

ISO Information and documentation Digital records conversion and migration process INTERNATIONAL STANDARD ISO 13008 First edition 2012-06-15 Information and documentation Digital records conversion and migration process Information et documentation Processus de conversion et migration

More information

Australian Standard. Records Management. Part 1: General AS ISO ISO

Australian Standard. Records Management. Part 1: General AS ISO ISO AS ISO 15489.1 2002 ISO 15489-1 AS ISO 15489.1 Australian Standard Records Management Part 1: General [ISO title: Information and documentation Records management Part 1: General] This Australian Standard

More information

Metadata and Archival. System (MADRAS) Anne Gilliland Department of Information Studies University of California, Los Angeles

Metadata and Archival. System (MADRAS) Anne Gilliland Department of Information Studies University of California, Los Angeles Metadata and Archival Description Registry and Analysis System (MADRAS) Anne Gilliland Department of Information Studies University of California, Los Angeles Research Questions (SSHRC) Whatis the role

More information

Chain of Preservation Model Diagrams and Definitions

Chain of Preservation Model Diagrams and Definitions International Research on Permanent Authentic Records in Electronic Systems (InterPARES) 2: Experiential, Interactive and Dynamic Records APPENDIX 14 Chain of Preservation Model Diagrams and Definitions

More information

The Long-term Preservation of Accurate and Authentic Digital Data: The InterPARES Project

The Long-term Preservation of Accurate and Authentic Digital Data: The InterPARES Project The Long-term Preservation of Accurate and Authentic Digital Data: The Luciana Duranti & School of Library, Archival and Information Studies, University of British Columbia Modern Working Environment Hybrid

More information

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research. CONTENTS i. INTRODUCTION 3 ii. OVERVIEW SPECIFICATION PROTOCOL DOCUMENT DEVELOPMENT PROCESS 4 1. SCOPE 5 2. DEFINITIONS 5 3. REFERENCES 6 4. MANAGEMENT STANDARDS FOR APPROVED CERTIFICATION BODIES 6 4.1

More information

PRINCIPLES AND FUNCTIONAL REQUIREMENTS

PRINCIPLES AND FUNCTIONAL REQUIREMENTS INTERNATIONAL COUNCIL ON ARCHIVES PRINCIPLES AND FUNCTIONAL REQUIREMENTS FOR RECORDS IN ELECTRONIC OFFICE ENVIRONMENTS RECORDKEEPING REQUIREMENTS FOR BUSINESS SYSTEMS THAT DO NOT MANAGE RECORDS OCTOBER

More information

RELATIONSHIP BETWEEN THE ISO SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012

RELATIONSHIP BETWEEN THE ISO SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012 RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: Records processes and controls White paper written by ISO TC46/SC11- Archives/records management Date: March

More information

iii) Activity Definitions

iii) Activity Definitions iii) Activity Definitions A0, Preserve Electronic Records Under the control of Archival and Institutional Requirements, and limited by the possibilities available within the State of the Art of Information

More information

The Trustworthiness of Digital Records

The Trustworthiness of Digital Records The Trustworthiness of Digital Records International Congress on Digital Records Preservation Beijing, China 16 April 2010 1 The Concept of Record Record: any document made or received by a physical or

More information

ISO RM standards. Hans Hofman DLM Forum Budapest, 6 October 2005

ISO RM standards. Hans Hofman DLM Forum Budapest, 6 October 2005 ISO RM standards Hans Hofman DLM Forum Budapest, 6 October 2005 Overview ISO context: TC46/SC11 ISO 23081 metadata standard Other related work on metadata Revision ISO 15489 records management ISO context

More information

Title: General Study 15 Application Profile for Authenticity Metadata: General Study Report. Status: Version: 2.3. Final (public)

Title: General Study 15 Application Profile for Authenticity Metadata: General Study Report. Status: Version: 2.3. Final (public) Title: General Study 15 Application Profile for Authenticity Metadata: General Study Report Status: Version: 2.3 Final (public) Dated Submitted: February 2012 Last Revised: February 2016 Author: Writer(s):

More information

Records Management Standard for the New Zealand Public Sector: requirements mapping document

Records Management Standard for the New Zealand Public Sector: requirements mapping document Records Management Standard for the New Zealand Public Sector: requirements mapping document Introduction This document maps the requirements in the new Records Management Standard to the requirements

More information

Archival Diplomatics of Digital Records Dr. Luciana Duranti The University of British Columbia

Archival Diplomatics of Digital Records Dr. Luciana Duranti The University of British Columbia Archival Diplomatics of Digital Records Dr. Luciana Duranti The University of British Columbia The Concept of Record The Concept of Trustworthiness Archival Diplomatics The integration of archival and

More information

Australian Standard. Records Management. Part 2: Guidelines AS ISO ISO TR

Australian Standard. Records Management. Part 2: Guidelines AS ISO ISO TR AS ISO 15489.2 2002 ISO TR 15489-2 AS ISO 15489.2 Australian Standard Records Management Part 2: Guidelines [ISO title: Information and documentation Records management Part 2: Guidelines] This Australian

More information

ISO INTERNATIONAL STANDARD. Information and documentation Records management Part 1: General

ISO INTERNATIONAL STANDARD. Information and documentation Records management Part 1: General Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO 15489-1 First edition 2001-09-15 Information and documentation Records management Part 1: General Information et documentation «Records management»

More information

Requirements for Assessing and Maintaining the Authenticity of Electronic Records. Authenticity Task Force

Requirements for Assessing and Maintaining the Authenticity of Electronic Records. Authenticity Task Force Requirements for Assessing and Maintaining the Authenticity of Electronic Records Authenticity Task Force March 2002 The requirements that are identified in this document fall into two groups: requirements

More information

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0 Approved 10/15/2015 IDEF Baseline Functional Requirements v1.0 IDESG.org IDENTITY ECOSYSTEM STEERING GROUP IDEF Baseline Functional Requirements v1.0 NOTES: (A) The Requirements language is presented in

More information

Document Title Ingest Guide for University Electronic Records

Document Title Ingest Guide for University Electronic Records Digital Collections and Archives, Manuscripts & Archives, Document Title Ingest Guide for University Electronic Records Document Number 3.1 Version Draft for Comment 3 rd version Date 09/30/05 NHPRC Grant

More information

metadata, metadata schema registry, metadata standardization, Dublin Core.

metadata, metadata schema registry, metadata standardization, Dublin Core. Describing and analyzing the recordkeeping capabilities of metadata sets Joanne Evans School of Information Management and Systems Monash University, Melbourne, Australia Tel. 61-3-9903 2467 Mail: jeeva2@student.monash.edu.au

More information

AS/NZS ISO 13008:2014

AS/NZS ISO 13008:2014 (ISO 13008:2012, IDT) Australian/New Zealand Standard Information and documentation Digital records conversion and migration process AS/NZS ISO 13008:2014 This joint Australian/New Zealand standard was

More information

ADVANCED AUDIT AND ASSURANCE

ADVANCED AUDIT AND ASSURANCE ADVANCED AUDIT AND ASSURANCE CPA PROGRAM SUBJECT OUTLINE The Advanced Audit and Assurance subject provides a body of knowledge for you to understand the nature and diversity of audit and assurance engagements.

More information

ISO INTERNATIONAL STANDARD. Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues

ISO INTERNATIONAL STANDARD. Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues INTERNATIONAL STANDARD ISO 23081-2 First edition 2009-07-01 Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues Information et documentation Gestion

More information

This document is a preview generated by EVS

This document is a preview generated by EVS INTERNATIONAL STANDARD ISO 15489-1 Second edition 2016-04-15 Information and documentation Records management Part 1: Concepts and principles Information et documentation Gestion des documents d activité

More information

ISACA Cincinnati Chapter March Meeting

ISACA Cincinnati Chapter March Meeting ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview

More information

The Preservation of Digital Records: the InterPARES approach (on the basis of its findings)

The Preservation of Digital Records: the InterPARES approach (on the basis of its findings) The Preservation of Digital Records: the InterPARES approach (on the basis of its findings) TEAM Italy Director SPP/ICA Dakar, Sengal 22 October 2010 1 The Goal of InterPARES To develop the body of theory

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

A S ISO Records Management Part 1: General

A S ISO Records Management Part 1: General AS ISO 15489.1 2002 ISO 15489-1 AS ISO 15489.1 Australian Standard Records Management Part 1: General [ISO title: Information and documentation Records management Part 1: General] This Australian Standard

More information

John Snare Chair Standards Australia Committee IT/12/4

John Snare Chair Standards Australia Committee IT/12/4 John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC

More information

C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers

C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers SAS No. 70 Practices & Developments Todd Bishop Director, Risk Assurance Services, PricewaterhouseCoopers Agenda SAS 70 Background

More information

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017 Wye Valley NHS Trust Data protection audit report Executive summary June 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act

More information

Information and documentation Records management. Part 1: Concepts and principles AS ISO :2017 ISO :2016

Information and documentation Records management. Part 1: Concepts and principles AS ISO :2017 ISO :2016 ISO 15489-1:2016 AS ISO 15489.1:2017 Information and documentation Records management Part 1: Concepts and principles This Australian Standard was prepared by Committee IT-021, Records and Document Management

More information

INFORMATION ASSET MANAGEMENT POLICY

INFORMATION ASSET MANAGEMENT POLICY INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives

More information

Subject: University Information Technology Resource Security Policy: OUTDATED

Subject: University Information Technology Resource Security Policy: OUTDATED Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from

More information

Data Management Checklist

Data Management Checklist Data Management Checklist Managing research data throughout its lifecycle ensures its long-term value and prevents data from falling into digital obsolescence. Proper data management is a key prerequisite

More information

Making trust evident Reporting on controls at Service Organizations

Making trust evident Reporting on controls at Service Organizations www.pwc.com Making trust evident Reporting on controls at Service Organizations 1 Does this picture look familiar to you? User Entity A User Entity B User Entity C Introduction and background Many entities

More information

An Introduction to PREMIS. Jenn Riley Metadata Librarian IU Digital Library Program

An Introduction to PREMIS. Jenn Riley Metadata Librarian IU Digital Library Program An Introduction to PREMIS Jenn Riley Metadata Librarian IU Digital Library Program Outline Background and context PREMIS data model PREMIS data dictionary Implementing PREMIS Adoption and ongoing developments

More information

Digital Preservation at NARA

Digital Preservation at NARA Digital Preservation at NARA Policy, Records, Technology Leslie Johnston Director of Digital Preservation US National Archives and Records Administration (NARA) ARMA, April 18, 2018 Policy Managing Government

More information

ABB Limited. Table of Content. Executive Summary

ABB Limited. Table of Content. Executive Summary 21 CFR Part 11 Electronic Records; Electronic Signatures Guidance for Industry Scope of Application Position Paper: A Summary and Interpretation of the Guidance Note: This document has been prepared based

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information

Smart Metadata and the Archives of the Future. Sue McKemmish Joanne Evans Anne Gilliland-Swetland Nadav Rouche Richard Marciano Hans Hofman

Smart Metadata and the Archives of the Future. Sue McKemmish Joanne Evans Anne Gilliland-Swetland Nadav Rouche Richard Marciano Hans Hofman Smart Metadata and the Archives of the Future Sue McKemmish Joanne Evans Anne Gilliland-Swetland Nadav Rouche Richard Marciano Hans Hofman SMART METADATA AND THE ARCHIVES OF THE FUTURE Create Once, Use

More information

APLAC Application to Enter the APLAC MRA or to Extend Scope - APLAC MR 003

APLAC Application to Enter the APLAC MRA or to Extend Scope - APLAC MR 003 ASIA PACIFIC LABORATORY ACCREDITATION COOPERATION MUTUAL RECOGNITION ARRANGEMENT (MRA) COUNCIL Application to Become a Signatory to the APLAC Mutual Recognition Arrangement (APLAC MRA) or to Extend Scope

More information

Certification Report

Certification Report EAL 3 Evaluation of Thales Communications S. A. Internal Communications Management System (ICMS) Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation

More information

Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform)

Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform) Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform) Miquel Serra Fernàndez Archive and Registry Unit, University of Girona Girona, Spain (Catalonia)

More information

Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework

Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework JULY 2013 Business Council of Australia July 2013 1 About

More information

ISO TC46/SC11 Archives/records management

ISO TC46/SC11 Archives/records management ISO TC46/SC11 Archives/records management GUIDANCE FOR IMPLEMENTING DOCUMENTED INFORMATION CLAUSE USING PROCESSES AND CONTROLS OF ISO 30301:2011 Management system for records EXPLANATORY PAPER NOVEMBER

More information

Consolidation Team INSPIRE Annex I data specifications testing Call for Participation

Consolidation Team INSPIRE Annex I data specifications testing Call for Participation INSPIRE Infrastructure for Spatial Information in Europe Technical documents Consolidation Team INSPIRE Annex I data specifications testing Call for Participation Title INSPIRE Annex I data specifications

More information

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 Adopted on 25 May 2018 Contents 1. Introduction... 2 1.1. Scope

More information

GDPR: A technical perspective from Arkivum

GDPR: A technical perspective from Arkivum GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection

More information

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Project 2014-02 - Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Violation Risk Factor and Justifications The tables

More information

Records Retention Policy

Records Retention Policy June 21, 2017 Table of Contents 1 Introduction...3 1.1 Purpose...3 1.2 Scope...3 1.3 Review Cycle...3 1.4 Document Owner...3 1.5 Definitions...3 2 Policy...4 2.1 Records and Record Storage...4 2.2 Applicable

More information

CONTINUING PROFESSIONAL DEVELOPMENT RULES

CONTINUING PROFESSIONAL DEVELOPMENT RULES Independent Objective Authoritative The home for property professionals in Australia Australian Property Institute Limited CONTINUING PROFESSIONAL DEVELOPMENT RULES Reference Continuing Professional Development

More information

SPRING-FORD AREA SCHOOL DISTRICT

SPRING-FORD AREA SCHOOL DISTRICT No. 801.1 SPRING-FORD AREA SCHOOL DISTRICT SECTION: TITLE: OPERATIONS ELECTRONIC RECORDS RETENTION ADOPTED: January 25, 2010 REVISED: October 24, 2011 801.1. ELECTRONIC RECORDS RETENTION 1. Purpose In

More information

Higher National Unit specification: general information. Graded Unit title: Computer Science: Graded Unit 2

Higher National Unit specification: general information. Graded Unit title: Computer Science: Graded Unit 2 Higher National Unit specification: general information This Graded Unit has been validated as part of the HND Computer Science. Centres are required to develop the assessment instrument in accordance

More information

APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS

APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS National Screening Unit Version 3 April 2012 Prepared by SWIM Ltd 2012 1 Table of Contents 1 What is a retention

More information

DRI: Dr Aileen O Carroll Policy Manager Digital Repository of Ireland Royal Irish Academy

DRI: Dr Aileen O Carroll Policy Manager Digital Repository of Ireland Royal Irish Academy DRI: Dr Aileen O Carroll Policy Manager Digital Repository of Ireland Royal Irish Academy Dr Kathryn Cassidy Software Engineer Digital Repository of Ireland Trinity College Dublin Development of a Preservation

More information

Asda. Privacy and Electronic Communications Regulations audit report

Asda. Privacy and Electronic Communications Regulations audit report Asda Privacy and Electronic Communications Regulations audit report Executive summary May 2018 1. Background and Scope The Information Commissioner may audit the measures taken by the provider of a public

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management

More information

Higher National Unit specification: general information. Graded Unit 2

Higher National Unit specification: general information. Graded Unit 2 Higher National Unit specification: general information This Graded Unit has been validated as part of the HND Computing: Software Development. Centres are required to develop the assessment instrument

More information

Certification Report

Certification Report Certification Report EAL 2+ Evaluation of Data ONTAP Version 7.2.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme

More information

IMS 5047 MANAGING BUSINESS RECORDS

IMS 5047 MANAGING BUSINESS RECORDS 1 IMS 5047 MANAGING BUSINESS RECORDS TOPIC 3 - Records Management Systems Week Eight: Metadata, data structures and the capture of records Objectives see Unit Outline Some of the objectives of this unit

More information

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE Loughborough University (LU) Research Office SOP 1027 LU Process for Writing Study Protocols for NHS Research Sponsored by Loughborough

More information

Create Once Use Many Times

Create Once Use Many Times Create Once Use Many Times The Clever Use of Metadata in egovernment and ebusiness Processes in Networked Environments ARC Linkage Project 2003-2005 www.sims.monash.edu.au/research/rcrg / 1 Outline The

More information

Audit Considerations Relating to an Entity Using a Service Organization

Audit Considerations Relating to an Entity Using a Service Organization An Entity Using a Service Organization 355 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128; SAS No. 130. Effective for audits of

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

Basic Requirements for Research Infrastructures in Europe

Basic Requirements for Research Infrastructures in Europe Dated March 2011 A contribution by the working group 1 Access and Standards of the ESF Member Organisation Forum on Research Infrastructures. Endorsed by the EUROHORCs on 14 April 2011. Introduction This

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document

More information

Small Entities Audit Manual (SEAM)

Small Entities Audit Manual (SEAM) Small Entities Audit Manual (SEAM) CPA Australia Ltd ( CPA Australia ) is the largest professional organisation in Australia with more than 132,000 members of the financial, accounting and business profession

More information

Certification Report

Certification Report Certification Report EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX Series Hardware Models VNX5200, VNX5400, VNX5600, VNX5800, VNX7600, and VNX8000 Issued by: Communications

More information

Information for entity management. April 2018

Information for entity management. April 2018 Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed

More information

Guidance Solvency II data quality management by insurers

Guidance Solvency II data quality management by insurers Guidance Solvency II data quality management by insurers De Nederlandsche Bank N.V. Guidance Solvency II data quality management by insurers Guidance document of De Nederlandsche Bank N.V., dated 1 September

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access

More information

Have Records Management Fundamentals Changed with the Revision of ISO 15489?

Have Records Management Fundamentals Changed with the Revision of ISO 15489? Have Records Management Fundamentals Changed with the Revision of ISO 15489? Richard Jeffrey-Cook FIRMS CITP MBCS 17 th May 2016 IRMS Conference, Brighton Have Records Management Fundamentals Changed with

More information

Stakeholder and community feedback. Trusted Digital Identity Framework (Component 2)

Stakeholder and community feedback. Trusted Digital Identity Framework (Component 2) Stakeholder and community feedback Trusted Digital Identity Framework (Component 2) Digital Transformation Agency This work is copyright. Apart from any use as permitted under the Copyright Act 1968 and

More information

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Adopted on 4 December 2018 Adopted 1 Contents 1 Introduction... 3 2

More information

Diplomatic Analysis. Case Study 03: HorizonZero/ZeroHorizon Online Magazine and Database

Diplomatic Analysis. Case Study 03: HorizonZero/ZeroHorizon Online Magazine and Database Diplomatic Analysis Case Study 03: HorizonZero/ZeroHorizon Online Magazine and Database Tracey Krause, UBC December 2006 INTRODUCTION The InterPARES 2 case study 03 was proposed to explore the distinction

More information

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010 Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes

More information

Management: A Guide For Harvard Administrators

Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

Indexing Field Descriptions Recommended Practice

Indexing Field Descriptions Recommended Practice Indexing Field Descriptions Recommended Practice Service Alberta Enterprise Information Management Developed: Last Updated: https://www.alberta.ca/enterprise-information-management.aspx Contents Indexing...

More information

Access to University Data Policy

Access to University Data Policy UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

Provider Monitoring Report. City and Guilds

Provider Monitoring Report. City and Guilds Provider Monitoring Report City and Guilds 22 May 2017 to 3 August 2017 Contents 1 Background 1 1.1 Scope 1 1.2 Provider Monitoring Report Timeline 2 1.3 Summary of Provider Monitoring Issues and Recommendations

More information

4.2 Electronic Mail Policy

4.2 Electronic Mail Policy Policy Statement E-mail is an accepted, efficient communications tool for supporting departmental business. As provided in the Government Records Act, e-mail messages are included in the definition of

More information

Data Integrity and the FDA AFDO Education Conference

Data Integrity and the FDA AFDO Education Conference Data Integrity and the FDA AFDO Education Conference June, 2018 OUR EXPERIENCE YOUR SUCCESS 1 Data Integrity What does it mean to you? 2 Data Integrity What does FDA say about data integrity No legal definition

More information

MODELING DIGITAL RECORDS CREATION, MAINTENANCE AND PRESERVATION. Modeling Cross-domain Task Force Report. [including Appendices 14, 15 and 16]

MODELING DIGITAL RECORDS CREATION, MAINTENANCE AND PRESERVATION. Modeling Cross-domain Task Force Report. [including Appendices 14, 15 and 16] International Research on Permanent Authentic Records in Electronic Systems (InterPARES) 2: Experiential, Interactive and Dynamic Records PART FIVE MODELING DIGITAL RECORDS CREATION, MAINTENANCE AND PRESERVATION

More information

EDPB Certification Guidelines

EDPB Certification Guidelines EDPB Certification Guidelines Public Consultation: Comments submitted by SCOPE Europe bvba/sprl Published and Submitted: 10. July 2018 1 About SCOPE Europe sprl SCOPE Europe is a subsidiary of Selbstregulierung

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Worksheet 1 PRC-004-3 Protection System Misoperation Identification and Correction This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered

More information

Usability Evaluation as a Component of the OPEN Development Framework

Usability Evaluation as a Component of the OPEN Development Framework Usability Evaluation as a Component of the OPEN Development Framework John Eklund Access Testing Centre and The University of Sydney 112 Alexander Street, Crows Nest NSW 2065 Australia johne@testingcentre.com

More information

EA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits

EA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits Publication Reference EA-7/05 EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits PURPOSE This document has been prepared by a task force under the direction of the European Cooperation

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 18/EN WP261 Article 29 Working Party Draft Guidelines on the accreditation of certification bodies under Regulation (EU) 2016/679 Adopted on 6 february 2018 1 THE

More information

Texas A&M University: Learning Management System General & Application Controls Review

Texas A&M University: Learning Management System General & Application Controls Review Overall Conclusion Overall, the controls established over the primary learning management system at Texas A&M University, Blackboard Learn (ecampus), are effective in providing reasonable assurance that

More information