Agency leaders, from chief information officers to agency records officers to information security managers, are at an intersection of the technology revolution, where the cultural shift toward a digital world and the demanding requirements of security and compliance often collide. When it comes to managing information assets, agencies need tools that allow for collaboration, workflow processes and content management, and the flexibility to meet the needs of a changing content landscape — all while maintaining the...
Agency leaders, from chief information officers to agency records officers to information security managers, are at an intersection of the technology revolution, where the cultural shift toward a digital world and the demanding requirements of security and compliance often collide. When it comes to managing information assets, agencies need tools that allow for collaboration, workflow processes and content management, and the flexibility to meet the needs of a changing content landscape — all while maintaining the security standards and structural controls that government IT demands.
Legal requirements can be cumbersome for government IT organizations as they strive to implement records management and security measures to protect classified information and the privacy of individuals. Especially with a multitude of regulatory mandates and governmentwide requirements that vary greatly, including directives advocating for open-source solutions and a cloud-first approach to implementing Department of Defense (DoD)-level security standards.
When it comes to government-wide mandates for federal records management, agencies have some immediate needs to address: They have looming deadlines to manage both permanent and temporary records — including email — in an electronically accessible format by the end of 2016, and to manage all permanent electronic records in an electronic format by 2019. These are just a few requirements impacting federal technology decisions in 2016.
Let’s explore these and a few others, and explain what they mean for government IT decision makers.
Emails and electronic records requirements
In 2011, the White House issued a memorandum, Managing Government Records, acknowledging the growing role in government decision-making that emails, social media and other electronic records play. Recognizing that the digital transformation was affecting government agencies as much as the private sector, agencies were required to take a number of steps to preserve and manage electronic records.
Email records. While emails by definition are electronic, for many agencies the routine method of managing them as federal records involves printing out the emails, including all of the emails in a lengthy chain, and then managing those as they would a traditional paper record. In 2012, the Office of Management and Budget (OMB), in response to the President’s memorandum, updated its records policies to require all federal agencies to manage permanent and temporary email records electronically by the end of 2016. The directive designates the National Archives and Records Administration (NARA) to set the guidelines and target dates for this implementation. Many agencies are struggling to find a way to meet this mandate and are still looking for guidance on a multitude of questions including system and solution requirements, email retention and best practices, CAPSTONE, FOIA requirements and how to plan for the future. The National Security Archive recently released their 2016 “Email Alert,” which found that one in six federal agencies failed to file the mandatory self-assessment on email management. This has led to agencies such as DIA, Department of the Treasury, and the Nuclear Regulatory Commission acknowledging that they will likely miss the Dec. 31, 2016 deadline. NARA has worked to provide a set of best practices and approved solutions to help agencies meet the deadline.
Electronic records. In government, records are used to assess the impact of programs, improve business processes and share knowledge. With the volume of electronic records quickly increasing, the ability to effectively manage them in an automated system is critical to meeting business requirements, mission needs and new federal records management mandates like NARA/OMB 2016. The Managing Government Records memorandum also requires agencies to establish a system to manage all permanent records electronically for eventual transfer and accessioning by NARA, and gives a Dec. 31, 2019 deadline for this mandate.
While the 2016 deadline looms on the horizon, agencies should be cautious to keep 2019 in their line of sight and think even beyond that. Looking to short-term solutions that only address particular deadlines and mandates can lead to costly decisions in the long-term. Agencies that are utilizing email archiving solutions will need to implement either an existing electronic records system or a new records management system. Since the 2019 mandate requires an electronic format as well, it is more efficient and less costly to implement one solution to meet both mandates. Agencies should consider implementing a records system with both goals in mind.
The push for open source
Although the federal government has not issued final guidance specifically requiring open-source platforms for information and asset management, there are clear indications that open-source solutions should be given at least as much consideration — if not more — than proprietary systems. In its Managing Government Records Directive – Automated Electronic Records Management Report/Plan, published September 2014, NARA discussed the use of open-source tools as part of the solution of “how” to implement new or better automated records management technology and encourages external involvement from the agency workforce to develop them.
Government IT leaders favor open-source software solutions for a variety of reasons, including that they allow source code to be owned and maintained, facilitate the use of new applications and identify bugs in the system more quickly than proprietary solutions. It also means that the government community can use and re-use code and modules that have been created to meet government-specific needs, thereby saving time, money, and valuable internal resources.
The White House committed to adopting a governmentwide open source software policy in its Second Open Government National Action Plan that “will support improved access to custom software code developed for the federal government,” emphasizing that using and contributing back to open source software can fuel innovation, lower costs, and benefit the public. In support of that commitment, the OMB recently released a draft policy to improve the way custom-developed government code is acquired and distributed moving forward. This policy is consistent with the federal government’s longstanding policy of ensuring that federal investments in IT are merit-based, improve the performance of government, and create value for citizens.
This policy requires that, among other things: (1) new custom code whose development is paid for by the federal government be made available for use across federal agencies; and (2) a portion of that new custom code be released to the public as open source software.
Moving to the cloud
In 2010, then federal Chief Information Officer Vivek Kundra identified the move to cloud computing as part of the plan to reform federal IT management. So how does the right cloud solution affect information and asset management? Given the sensitivity level of much government agency data, security is at the forefront of every agency’s criteria. But the choice of the right cloud solution has moved beyond the options of choosing between on-premises or off-premises, and must now include a hybrid solution that allows agencies to move data among the two. The right hybrid solution delivers the best of both worlds by providing the stability and governance found in on-premises systems, but also delivering secure extensions of those facilities to remote users via the cloud. In addition, it will ensure alignment of metadata rules and a smooth path back to local records management. As government IT managers evaluate their options for cloud adoption, they need to take into consideration application platforms that support a hybrid approach for sensitive data.
If these requirements aren’t challenging enough, agencies are often stuck with using older legacy systems or proprietary technologies that are cumbersome to implement, costly to maintain, do not provide the agility to readily handle newer applications, and are not user-friendly for their workforce. As a result, user-adoption is at best difficult, and at worst forces employees to resort to consumer-grade applications that put security and privacy at risk.
The challenge for agency leaders is to implement more modern systems that look and feel familiar to users, integrate seamlessly with new and existing applications, and make records management and compliance simple to execute while meeting the wide variety of government mandates. When analyzing which platforms will best support all these needs, consider solutions that are:
Cost-effective. Pick a platform that does not require an upfront license fee and instead uses a subscription-based model covering both operations and maintenance, and enables agencies to scale up and down without needing to count their users.
Open standards based. Through protocols such as Content Management Interoperability Services (CMIS), Common Internet File System (CIFS), Web Distributed Authoring and Versioning (WebDAV), Representational State Transfer (REST) and Simple Object Access Protocol (SOAP), agencies should choose solutions that can interoperate with existing government applications, infrastructure and desktop software, with an open approach that makes innovation and adoption easy.
Agile. Make sure that applications can be quickly built, deployed and modified as needs change.
Flexible. Avoid vendor lock-in with a solution that offers freedom of choice and the opportunity to leverage existing and new technologies with the platform to deliver a complete solution.
Compliant. Make sure your IT solutions meet many of the most stringent regulatory requirements associated with government.
Cloud-ready. The solution should allow secure mobile access and collaboration for cloud-based content.This administration has made it a priority for federal agencies to establish a 21st century IT framework. Careful planning, implementation, and the right tools can align the digital world with federal mandates and agency objectives, especially as modern solutions become increasingly available across the federal market.
Austin Adams is the vice president of public sector for Alfresco.