On Sep 12, 2007, at 12:00 AM, RECMGMT-L automatic digest system wrote:
> From: Peter Kurilecz <[log in to unmask]>
> Subject: Re: Record/Tape Chain of Custody question
>
> On 9/11/07, Gerard J. Nicol <[log in to unmask]> wrote:
>> Hi,
>
>> Anyway, my question to you all is what part if any does the
>> requester of a
>> record have in the chain of custody given that the requester might
>> not
>> actually be someone who physically handles the record (or tape in
>> this
>> instance).
>
>
> Gerard
>
> the vast majority of boxhead records managers will record who
> requested a record from inactive storage and the requester is
> responsible for the item requested until it is returned to storage.
> the same should apply to tape requests.
I think this could be an interesting topic in that the liability for
tape and other computer media
such as hard drives, etc stored offsite is huge. In tape management,
the actual list of people
allowed to even request media is a very short list. Typically the
tapes in rotation are on a defined
schedule. Any request outside of this schedule is limited to specific
individauls and many
organizations require a dual control. If I request a tape not in a
standard rotation, then the
organization storing the tape whether it be Secure Media Vault of
Austin, Texas or the client's
own records center would then call the person respnsible for the dual
control and verify that I am
authorized to bring that tape back on special call. So if Peter is my
supervisor he would approve
my recall. If he detected some unusual behavior then he is the one at
fault as he was the dual
security control on my request.
This is where records managers could play an active roll. Why not
have them in the Chain of Custody
with command authority.
It is also equally important that someone not be able to send
containers offsite to the records center,
if they are not doing it per the Tape Management Plan. I will not go
into detail but items could be in
that container that could endanger all the tapes in a offsite
collection of tapes and media.
The Chain of Custody management should be very precise and who better
to do that than a records
manager. We are already seeing some of that from previous
discussions. Banks and Brokerage firms
are very demanding of the chain of custody. Kathy Fortenberry and I
were talking about this earlier today
or was that yesterday. Since Kathy is in Colorado it is still today
there.
The Chain of Custody is just another technique to use to insert
records management into the IT
equation. In tapes where money is involved they demand that you treat
all requests outside the
Tape Management Schedule as attempted fraud and you must go through a
procedure to prove that it is not.
Only after you prove it is legitimate do you release the tape for
delivery or schedule a container pick up.
Here is a great idea for a product. A tape transfer case that has a
window in it so you can see what is inside.
Many companies want their tapes moved on and offsite in containers
that employees or vendors cannot open
without alerting the owner to an illicit opening. But sending a
container offsite, that is supposed to have 20 tapes
but only has 18 is an opportunity for fraud. The window would allow
the staff, manager and the driver to see
exactly how many tapes were in the container. In the future RFID
might play a role here.
See isn't this interesting? (Hey I was being serious.)
> I recommend your organization apply CoBit to your IT processes.
>
> Chris Flynn
Chris is CoBit what comes after Two Bits, Four Bits, CoBit a dollar.
I just spent two weeks in a stadium that was 96º F and the seats were
hotter. I was doing Longhorn Cheers so I think I heard that cheer a
few times along with "Texas Fight, Texas Fight, for it is Texas that
we love best." "Cobit a dollar all for the Longhorns stand up and
holler."
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|