RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Content-Type:
text/plain; charset=ISO-8859-1; format=flowed
Date:
Thu, 31 May 2007 13:09:18 -0700
Content-Disposition:
inline
Reply-To:
Records Management Program <[log in to unmask]>
Subject:
Re: 5015, "classified", and DOD certification
MIME-Version:
1.0
Content-Transfer-Encoding:
7bit
Sender:
Records Management Program <[log in to unmask]>
From:
Larry Medina <[log in to unmask]>
Parts/Attachments:
text/plain (70 lines) 
On 5/31/07, Nolene Sherman <[log in to unmask]> wrote:
>
>
> I believe when the DoD talks about "Classified" documents, that means
> national security, read-it-and-we-have-to-kill-you level documents, not your
> run-of-the-mill sensitive personal information.


As always, Nolene adds a touch of reality here =)

Being someone who deals with R-I-A-W-H-T-K-Y types of materials, I can
verify that's what DOD is speaking about when they use this term.

Similar to the way many vendors tend to misuse the word "Standards", many
organizations use the word "Classified": to refer to Proprietary,
Confidential, Sensitive, or other types of documents that they wish to
protect from individuals that don't have a need to access the content.

Another think to keep in mind here is DOD5015 is a "Design Criteria Standard
for Electronic Records Management Software Applications"  , which
establishes the baseline needs for a COTS product to be approved for use by
the DOD, or others doing work under their management umbrella.  And before
someone asks, NOPE.. it's not a true Standard... if you want to know more
about this, spend some time poking around here:
http://ansi.org/about_ansi/accredited_programs/overview.aspx?menuid=1

In 2003, NARA reaffirmed it's position from 1998 endorsing the DOD document
as conforming with the requirements of the Federal Records Act and
regulations promulgated in 36CFR, Parts 1220-1238 for managing Federal
Records.

http://www.archives.gov/records-mgmt/bulletins/2003/2003-03.html

At that time,  NARA recommended that Federal Agencies consider this as a
means of selecting RMAs for their further use, but there was never a mandate
issued.  Many Agencies had their own guidelines that were similar but
different than DOD 5015, and not nearly as comprehensive.. and none of them
addressed the issue of "classified material handling".

More recently, NARA is becoming a bit more vociferous about the desire to
see Federal Agencies use DOD 5015.2 as THE benchmark for determining the
appropriateness of an RMA for deployment by Agencies, but as you will see on
this advice, they are still allowing a bit of "wiggle room".

http://www.archives.gov/records-mgmt/policy/requirements-guidance.html

It's sort of a "carrot and stick" approach, but until NARA is willing to
provide the funding to all Agencies to purchase software, implement, and
deploy specific software, they can't mandate the requirements... only what
it must accomplish.  And what makes it a bigger issue is many/most Federal
Agencies have much of their work done by Contractors, so if the requirement
is pushed down to them, it will have to be supported by the requisite
funding to purchase, convert, implement, deploy, and support these systems.

Another point to mention here is "not all 5015.2 approved tools are created
equal".   They all have to meet baseline requirements, but in some cases,
the application excels at doing something in a very effective and efficient
manner, where in other cases, it just does it.  It may take you 2 or 3 steps
to accomplish something in one RMA, where in another, it may take 15 or 15
steps... and they can BOTH be certified.

Larry
-- 
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2