Managing Records and Information in Web Environments: Policies for Multinational Companies.During the past five or so years, companies throughout the world have been working feverishly fe·ver·ish adj. 1. a. Of, relating to, or resembling a fever. b. Having a fever or symptoms characteristic of a fever. c. Causing or tending to cause fever. 2. to reinvent re·in·vent tr.v. re·in·vent·ed, re·in·vent·ing, re·in·vents 1. To make over completely: "She reinvented Indian cooking to fit a Western kitchen and a Western larder" their businesses around Internet and World Wide Web technologies. Many aspects of global business have been touched by these revolutionary technologies -- including records and document management. Corporate intranets are perhaps the major form of Internet technology within companies. Intranets are deployments of standard Internet technologies that are designed to provide common, consistent, and global access to various forms of information, including records and document repositories. In fact, some large multinational companies have declared that, as a matter of policy, their intranet and its Web sites will become the primary method for access to stored electronic information worldwide. This policy has major implications for practitioners of records and information management -- in multinational businesses or indeed in any business that maintains significant information in its Web sites. These professionals must provide sound advice to their companies concerning the management of Web-based information on a global scale. First and foremost, it is imperative to develop common policies and practices for managing records and information in Web environments on an enterprise-wide, global basis. Some Definitions According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the World Wide Web Consortium (www.w3c.org), the World Wide Web is not a physical entity in and of itself; rather, the Consortium defines the Web as a communications protocol Hardware and software standards that govern data transmission between computers. The term "protocol" is very generic and is used for hundreds of different communications methods. A protocol may define the packet structure of the data transmitted or the control commands that manage the that allows multimedia access to the Internet. A Web site is a collection of interlinked Web pages, including a host page, residing at the same network location. A Web page is a document on a Web site that is displayed with a Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. and related Web technologies. Web documents are formatted in hypertext markup language (hypertext, World-Wide Web, standard) Hypertext Markup Language - (HTML) A hypertext document format used on the World-Wide Web. HTML is built on top of SGML. "Tags" are embedded in the text. A tag consists of a "<", a "directive" (in lower case), zero or more parameters and a ">". (HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. ), the computer format code in which Web pages are written. General Policy Matters Global governance Global governance refers to political interaction and the creation and empowering of international organizations aimed at solving problems that affect more than one state or region, when there is no democratic power of enforcing compliance. . Many multinational companies have established a formal entity to assume responsibility for global governance of Web development and sites. These groups include Web committees, boards, authorities, and councils. They typically consist of information technology (IT) specialists, legal counsel, and representatives from various business units. The global records manager should serve on this governing body Noun 1. governing body - the persons (or committees or departments etc.) who make up a body for the purpose of administering something; "he claims that the present administration is corrupt"; "the governance of an association is responsible to its members"; "he to provide technical advice concerning Web management issues. Mandatory adherence. The policy should state that all Web development worldwide must adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. policy provisions and that the Web-governing authority must expressly approve any exceptions. Computing technologies. To ensure that a company's Web sites are positioned to take advantage of new technology, many policies require the use of specific Internet-related technologies. For example, some policies require that all Web applications must have a Web browser interface. The browser is software that acts as a "client" in the Web computing infrastructure; it allows users to retrieve information from various sources, particularly from Web servers, which are repositories for Web site content that are connected to the Internet. In cases where applications lack such capability, the policy may require that it be retrofitted within a specified period of time. Responsibilities All good Web policies clearly enumerate To count or list one by one. For example, an enumerated data type defines a list of all possible values for a variable, and no other value can then be placed into it. See device enumeration and ENUM. the responsibilities of various parties involved in developing, managing, and using Web resources throughout the enterprise. The responsibilities of the global governing body, information owners The person or group responsible for applying security policies to an information object. , Web site developers, and users are summarized in the following. Global governing body. This group typically assumes global leadership to promote the Internet and the Web as key components of the company's computing environment and strategy, administers Web policy worldwide, grants official approval of all Web sites, maintains a global register of such sites, and oversees other high-level matters. Information owners. The executives and managers of operating business units who "possess" information content residing in Web sites are generally responsible for approving all content accessible through the site and for registering their sites with the global governing body. Moreover, many policies make information owners responsible for aspects of site access and security, such as viewing privileges and security classification levels for site content, as discussed below. Some policies make information owners responsible for determining which Web site content qualifies as official record material and for developing and implementing retention policies applicable to it. Site developers / administrators. These typically come from the global IT staff, although they are sometimes assigned to specific business units. Major responsibilities include developing best practices and technical guidelines for Web page design, Web style, and similar matters, typically issued in the name of the global governing body. Site developers and administrators are also responsible for ensuring that retention policies are properly implemented through archiving or deletion deletion /de·le·tion/ (de-le´shun) in genetics, loss of genetic material from a chromosome. de·le·tion n. Loss, as from mutation, of one or more nucleotides from a chromosome. of Web pages. Users. All employees and other individuals who are authorized au·thor·ize tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es 1. To grant authority or power to. 2. To give permission for; sanction: to use company computing and communications networks The transmission channels interconnecting all client and server stations as well as all supporting hardware and software. are users. Most policies require that external parties, including customers, suppliers, and contractors, must be formally approved to access the company's intranet or the Internet from within company facilities. Further, most Web policies make users responsible for complying fully with all legal and security policy provisions. Some policies require that users execute certificates of compliance and stipulate stip·u·late 1 v. stip·u·lat·ed, stip·u·lat·ing, stip·u·lates v.tr. 1. a. To lay down as a condition of an agreement; require by contract. b. penalties for non-compliance -- including dismissal. Web Content In addition to governance and responsibilities, Web policies include provisions for the nature of content, its access, indexing, and search criteria, as well as legal issues, security, and protection matters. Each of these is discussed below. Content creation. Good Web policies are proactive with respect to Web content creation. The policy permits, even encourages, business units to create Web content that adds value to the business. Authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. of "official" content. Many Web policies differentiate between "official" and "nonofficial" content. Distinctions between these terms can become somewhat ponderous pon·der·ous adj. 1. Having great weight. 2. Unwieldy from weight or bulk. 3. Lacking grace or fluency; labored and dull: a ponderous speech. See Synonyms at heavy. ; generally, sites used by collaborative workgroups that contain "work-in-process" or draft documents are characterized as nonofficial, while sites containing approved documents maintained for retention purposes are considered official. Moreover, Web policies may require that sites contain notices informing their viewers of this distinction. Unauthorized content. Nearly all Web policies contain explicit provisions pertaining per·tain intr.v. per·tained, per·tain·ing, per·tains 1. To have reference; relate: evidence that pertains to the accident. 2. to objectionable material (e.g., racial or sexual content) as unauthorized in Web sites or elsewhere in the company's records and files. Some policies advise employees that the company uses various software "filtering" tools to detect such material that may enter the company through its Web sites. Access and Use Access permission and location. Most Web policies contain provisions governing who may access Web sites and from what locations. Access categories include company-wide, need-to-know, employee access from home and access by non-company employees. Indexing and searching. Many corporate Web policies neglect this very important matter. Although many companies maintain sophisticated search tools to facilitate use of their Web sites, many sites are poorly designed, organized, and indexed, and it can sometimes be difficult to access their content quickly and efficiently. At a minimum, policies should require that all Web sites' content be organized and indexed to facilitate effective use. More preferably, records and document management specialists should prepare detailed practice guidelines practice guidelines Medical practice A set of recommendations for Pt management that identifies a specific or range of range of management strategies. See Peer review organization, Practice standards. Cf 'Cookbook' medicine. concerning this matter. The principles of hierarchical searching -- from general to specific content -- are just as relevant to content searching in Web sites as they are in other document storage and retrieval environments. Metadata. In a Web context, metadata is the labeling, cataloging, and descriptive information structured to allow Web-based information to be properly searched and processed. Many policies contain technical guidelines specifying the requirements for metadata in the management of Web resources. Web policies should address metadata's role in the indexing and searching of Web content as well. Legal Issues Web content as property. Many Web policies state that any and all content residing in Web sites is company property and is thus subject to reasonable management controls as prescribed by the policy. Intellectual property protection. Most Web policies prohibit posting copyrighted information to Web sites without the copyright owner's permission. Moreover, some policies require that copyright notices be posted at all Web sites' entry points. Privacy issues. Employees should be advised that their Internet and Web site use may be monitored by the company for compliance with security and acceptable use requirements and, further, that there can be no presumption of privacy in connection with such usage. Moreover, the policy should prohibit Web sites from unlawful or unethical unethical said of conduct not conforming with professional ethics. violations of individuals' privacy, be they internal employees or external parties. For example, many Web policies specifically prohibit posting social security numbers or other identifying information. Finally, the policy should address the issue of whether, or under what circumstances, employee information in Web sites can be sent to internal or external parties without their consent. If such data transmission occurs across national borders, privacy issues related to transborder data flow become relevant Transborder data flow. This privacy issue is of direct relevance to multinational companies because it pertains to data concerning non-U.S. citizens that may be imported into or exported from U.S.-based Web sites. U.S. export control regulations restrict the export of certain specified information to foreign nationals. Generally, these restrictions pertain to pertain to verb relate to, concern, refer to, regard, be part of, belong to, apply to, bear on, befit, be relevant to, be appropriate to, appertain to national security or defense matters. In cases where such data resides in Web sites, the policy should contain explicit prohibitions pertaining to its export. Conversely con·verse 1 intr.v. con·versed, con·vers·ing, con·vers·es 1. To engage in a spoken exchange of thoughts, ideas, or feelings; talk. See Synonyms at speak. 2. , if the company's Web sites contain data on non-U.S, citizens, the policy may need to address this. For example, the European Union European Union (EU), name given since the ratification (Nov., 1993) of the Treaty of European Union, or Maastricht Treaty, to the European Community (E.U.) has recently promulgated prom·ul·gate tr.v. prom·ul·gat·ed, prom·ul·gat·ing, prom·ul·gates 1. To make known (a decree, for example) by public declaration; announce officially. See Synonyms at announce. 2. privacy directives regarding computer data on private individuals residing in E.U. member states. These requirements are more stringent than similar ones in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , but U.S.-based multinational companies should certainly consider them (if not comply fully with them) in maintaining Web sites with data about their European customers. Security and Protection Internal vs. publicly accessible sites. The policy issue is whether the site is intended for internal company use only or whether it is publicly accessible "beyond the firewall." Web policies frequently contain separate security provisions for both types of sites; sometimes, two separate policies are prepared. Means of protection A means of protection is some contract or guarantee of security for body or property. It is usually achieved, in a modern state society, by agreeing to some social contract including a monopoly on violence, e.g. . Most companies use a variety of methods to protect the integrity of their Web sites and the data residing in them. These include passwords, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. , digital signatures, firewalls, various physical controls over Web servers, and requirements for data backup. The Web policies generally vary in their level of detail concerning these measures that must be instituted. Security classification. Many policies require that all documents and information residing in Web sites be considered proprietary and subject to appropriate access restrictions. Three security classifications are frequently used: secret, confidential, and general. Secret and confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead is typically restricted on a need-to-know basis to designated individuals or categories of employees, while general information is often unrestricted and open to access by all Web users. Moreover, many policies require that secret information be protected by means of encryption, while confidential information must be encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science in cases where it is open to access by external parties. Retention of Web Content To what extent should Web site content be subject to life cycle management through an organization's records retention policies and practices? This is one of the most frequently forgotten aspects of Web policies. As Nathan Myrvold, the former chief technology officer at Microsoft Corp., said: "The Web isn't naturally archival; Web content won't automatically archive itself." This succinctly suc·cinct adj. suc·cinct·er, suc·cinct·est 1. Characterized by clear, precise expression in few words; concise and terse: a succinct reply; a succinct style. 2. underscores the importance of retention policies and practices applied to recordkeeping in Web environments. It suggests that at least some Web content does, in fact, possess long-term value and that policies and practices need to be put in place to address this. Some policies state that Web pages are official records because they document the mission and organizational status of the business, as well as its policies and other key aspects. Thus, this information content is subject to life cycle management under retention policies and may not be destroyed except in accordance with the organization's records retention schedules. On the other hand, Web content that does not qualify as official records should be defined as non-record material. Retention schedules often authorize To empower another with the legal right to perform an action. The Constitution authorizes Congress to regulate interstate commerce. authorize v. to officially empower someone to act. (See: authority) non-record content to be overwritten or deleted within a specified period of time following the final posting of the updated version of documents or pages. Regardless of whether the policy distinguishes between official records and non-records for retention purposes, the fundamental principle is that all Web pages must be handled and managed as records. In the context of retention, this means determining how long Web content should be retained as a matter of policy. The following specific principles should govern these determinations: * Web pages, in and of themselves, do not constitute a single records series for retention purposes. Web pages may consist of important record content that requires long-term retention as well as content of ephemeral Temporary. Fleeting. Transitory. , short-term retention value. There is no single retention period for all Web pages. Retention decisions should be based on the content, use, and value of the information and whether these factors decline over time. * Web pages vary in purpose. Some contain recorded information, while others serve as portals or front-ends to other information, such as documents and databases. Given this interrelationship in·ter·re·late tr. & intr.v. in·ter·re·lat·ed, in·ter·re·lat·ing, in·ter·re·lates To place in or come into mutual relationship. in among pages in a site, changes to any one page can have implications for other pages in the site. Moreover, links to external sites can complicate com·pli·cate tr. & intr.v. com·pli·cat·ed, com·pli·cat·ing, com·pli·cates 1. To make or become complex or perplexing. 2. To twist or become twisted together. adj. 1. the archiving and retention of Web pages, because modifying or deleting one or more pages can adversely impact site navigation. While a given Web page may be archived, its linked sites may change or disappear over time. * Given the elaborate formatting characteristics of many Web pages, archiving of printed copies will not necessarily preserve content or functionality. If Web pages have distinctive presentation formats or other attributes considered to possess record value, this factor must be considered in formulating retention policies. * Retention decisions concerning Web content should consider the uniqueness of the information, whether the Web version should be considered the official copy for retention purposes, or whether another version, either in electronic or physical media format, should be the retained version. If Web pages contain original information that is not replicated in other formats, they should be scheduled for retention. If not, they can be considered as copies for retention purposes. * A retention period, determined based on content, is relevant to Web pages that consist of such content and may apply to them. * The functionality to execute retention periods for all record material residing in Web environments must be incorporated at the time of the site's initial deployment. Alternatively, such functionality must be incorporated not later than a specified time (frequently six months or one year) from the time of initial deployment. * The recommended method for archiving Web pages is to copy them prior to making any changes. In addition, "snapshot" copies of all or partial Web site content should be made at predetermined pre·de·ter·mine v. pre·de·ter·mined, pre·de·ter·min·ing, pre·de·ter·mines v.tr. 1. To determine, decide, or establish in advance: intervals for both backup and archiving purposes. Linked pages that have significant information content with retention value should be copied when the relevant Web pages are archived. * Finally, Web policies should require that information remains current. In fact, the dynamic content of Web pages makes version control a critical component of site management. To ensure information is current, many Web policies require that all documents and Web pages show an expiry date expiry date expire n → date f d'expiration; (on label) → à utiliser avant ... expiry date expire n → Ablauftermin m . When a superseded page is deleted, it should be replaced with a notice of deletion, the date the deletion occurred, and a "return to" link. This notice should remain available for a predetermined period of time. Particularly in collaborative workgroup sites, more elaborate schemes for version control may be required. In these cases, the retention policy should address the process of retaining and disposing of superseded versions of documents. David Stephens, CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. , CMC (Common Messaging Calls) A programming interface specified by the XAPIA as the standard messaging API for X.400 and other messaging systems. CMC is intended to provide a common API for applications that want to become mail enabled. 1. , FAI, is vice president for the records management consulting Noun 1. management consulting - a service industry that provides advice to those in charge of running a business service industry - an industry that provides services rather than tangible objects firm of Zasio Enterprises Inc. He has been a consultant in the field of records management for more than 18 years and has published books and articles about information management in the United States and abroad. The author may be reached at dostephens@zasio.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion