The URL can be used to link to this page

CLERK-003 - Information Management Policy_2012 Information Management Policy for the City of Saint John Document Title: Information Management Policy Document Type: Policy No. of Pages: 10 Scope: Applies to the City of Saint John Policy No.: Revision No.: 2012-08-27 Revision History:  Supersedes the Records Management Policy approved by Common Council on April 28, 2008 th  Revises the Information Management Policy approved by Common Council on August 27, 2012 by replacing the term “GARP” with the term “The Principles”. Date Created: Council Approval Date: Contact: 2012-09-24 Office of the Common Clerk 2012-09-18 1 Information Management Policy for the City of Saint John TABLE OF CONTENTS 1. PURPOSE ................................................................................................................................ 3 2. POLICY STATEMENT ................................................................................................................ 3 3. SCOPE ..................................................................................................................................... 3 4. POLICY CONTEXT .................................................................................................................... 3 5. LEGISLATION AND STANDARDS ............................................................................................... 4 6. INFORMATION MANAGEMENT PROGRAM.............................................................................. 5 7. INFORMATION MANAGEMENT SYSTEMS ................................................................................ 5 8. ROLES AND RESPONSIBILITIES ................................................................................................. 6 9. MONITOR AND REVIEW .......................................................................................................... 7 10. IMPLEMENTATION ................................................................................................................ 7 11. AUTHORIZATION................................................................................................................... 7 12. RESOURCES .......................................................................................................................... 8 13. PROCEDURES ........................................................................................................................ 8 14. GLOSSARY ............................................................................................................................. 8 15. INQUIRIES ............................................................................................................................10 2 Information Management Policy for the City of Saint John 1. PURPOSE Information is the cornerstone of a democratic, effective and accountable municipal government. Information must be managed throughout its lifecycle, allowing for an effective and responsive government. This policy will demonstrate that information management is a priority for the City. 2. POLICY STATEMENT The objective of this policy is to achieve efficient and effective information management to support program and service delivery; foster informed decision making; facilitate accountability; transparency, and collaboration; and preserve and ensure access to information and records for the benefit of present and future generations. 3. SCOPE The Policy applies to all programs and services within the City; this includes programs and services reporting to the City Manager, City Solicitor, Treasurer and Common Clerk. The Policy applies to all aspects of the City’s programs and services, all records and information created during business transactions, and all business applications used to create records and information. 4. POLICY CONTEXT Information Management was recognized as part of the City’s responsibilities in the Royal Charter 1785, and emerged as a distinct activity in a local government context in 1987, when the Provincial Archives introduced a document entitled Authorities Governing the Retention and Disposition of Records of the New Brunswick Municipalities. An Electronic Information Management System (EIMS) was introduced by the City in 2005 using Laserfiche as the software technology. In 2012 further information management responsibilities are required by the City to be compliant with the Right to Information and Protection of Privacy Act. Digital records and information management has been underdeveloped throughout the City and information is not consistently lifecycle managed. In the electronic environment (e.g. e-administration, e-government, e-commerce), records and information processes will increasingly be automated and supported by automated records systems. This is apparent in several projects, such as the Saint John Information Management (SJIM) project, the RTIPPA program, and recent acquisition of specialized automated records systems such as Caseware (Audit Software) and Taleo (Performance Appraisal software) to manage records. The City is embarking on a new approach to manage its information assets in an EIMS that integrates Laserfiche with SharePoint 2010 (LfSP). There are approximately 600 employees using computers across the City and almost all of them creates or works with public records and information. With the new strategy, employees will be required to work within the EIMS and be accountable for accurately identifying information created and stored in the system. Automated systems for managing information, such as but not limited to, the City Website (public portal), Njoyn (Recruiting software), Taleo (Performance Appraisal software) Sungard HTE (Work Orders 3 Information Management Policy for the City of Saint John Software), Caseware (Audit Software), CLASS (Leisure Services contracts software), ATIPXpress (RTIPPA software) will comply with International Standard Organization (ISO) functional requirements for management systems for information and follow legislative and business requirements. The Office of the Common Clerk will develop all information management strategies, and is responsible for the design and review of all information management practices. Implementation will be at the program and service level in accordance with the Policy and operational requirements. 5. LEGISLATION AND STANDARDS The City acknowledges the following laws that relate to records and information management:  Charter of The City of Saint John, 1785 (U.K.) Geo. III as amended  Archives Act, S.N.B. 1977, c.A-11.1 as amended  Community Planning Act, R.S.N.B. 1973, c.C-12 as amended  Electronic Transactions Act, S.N.B. 2011, c.145 as amended  Evidence Act, R.S.N.B. 1973, c.E-11 as amended  Municipalities Act, R.S.N.B. 1973, c.M-12 as amended  Official Languages Act, S.N.B. 2002, c.O.0.5 as amended  Personal Information Protection and Electronic Documents Act, R.S.C. 2000, c.5 as amended  Public Records Act, S.N.B. 2011, c.212 as amended  Right to Information and Protection of Privacy Act, S.N.B, 2009, c.R-10.6 as amended The Information Management Program will develop records and information management systems that capture and maintain records and information with appropriate evidential characteristics in accordance with its obligations under the above-noted statutes. The City acknowledges the following standards that relate to records and information management:  CGSB-72.11.93 Microfilm and Electronic Images as Documentary Evidence, Canadian General Standards Board  CGSB-72.34-2005 Electronic Records as Documentary Evidence, Canadian General Standards Board  ISO 15489-1:2001 Information and documentation – Records management Part 1: General, International Organization for Standardization  ISO 15489-2:2001 Information and documentation – Records management Part 2: Guidelines, International Organization for Standardization  ISO/TR 15801-2006 Electronic Imaging – Information Stored Electronically – Recommendations for Trustworthiness and Reliability  ISO 19005-1:2005 PDF/A, International Organization for Standardization 4 Information Management Policy for the City of Saint John  ISO 23081-1:2006 Records Management Metadata, International Organization for Standardization  ISO 30300:2011 Information and documentation – Management systems for records – Fundamentals and vocabulary  ISO 30301:2011 Information and documentation – Management systems for records - Requirements  DoD 5015.2-STD Electronic Records Management Software Application Design Criteria Standard, USA Department of Defense  The Sedona Canada E-Discovery Principles, the Sedona Conference The City acknowledges the following best practices that relate to records and information management:  Local Government Resource Manual, Section 6 - Records Management, Province of New Brunswick  Guideline for Outsourcing Records Storage to the Cloud, ARMA International, 2010  Guideline for Evaluating Offsite Records Storage Facilities, ARMA International, 2007  Website Records Management, ARMA International, 2009  Generally Accepted Recordkeeping Principles (The Principles), ARMA International, 2011 6. INFORMATION MANAGEMENT PROGRAM The Information Management Program provides strategic guidance and support to the City to achieve a service-based, results oriented, high performance public service organization. The Information Management Program can improve the efficiency and effectiveness of the operations of the City by:  providing better use of resources (space, time, people, money) as valuable time and energy can be wasted trying to find information when there is not an adequate filing system in place  meeting operational requirements (e.g. number of years minutes, financial records are kept)  meeting administrative requirements (day to day activities)  meeting legal requirements (for compliance with laws and for protection and support during litigation)  meeting fiscal requirements (records required for audit)  preserving valuable information The Information Management Program will provide the right information to the right person at the right time. The Information Management Program also includes a records management service, archives service, records filing centre service, and forms management service. 7. INFORMATION MANAGEMENT SYSTEMS The City’s information management systems are dedicated to the creation, maintenance and protection of authentic, reliable and usable records and information for as long as they are required to effectively and efficiently support business functions and activities. 5 Information Management Policy for the City of Saint John The City adopts the Municipal Records Authority for New Brunswick, developed by the Provincial Archives of New Brunswick and the Association of Municipal Administrators of New Brunswick, as the uniform classification system and records retention and disposition schedule for records in all formats. The information management systems will manage the following processes:  creation, receipt or capture of information within the information management system  storage of information  protection of information integrity and authenticity  security of information  access to information  disposal of information in accordance with the approved disposal authority The City will consistently and uniformly manage information in all formats throughout its life-cycle from creation and receipt to final disposition. The City recognizes that the vast majority of its records and information are “born digital” and that the primary information management system is therefore an Electronic Information Management System (EIMS). Paper-based records of the City will be captured within this system through digital imaging. This EIMS is to be used in all programs and services of the City. 8. ROLES AND RESPONSIBILITIES The Office of the Common Clerk is responsible for developing Information Governance policy, directives, standards and guidelines and tools. The Common Clerk is accountable for the Information Governance Policies and Program and delegates the day to day administration and implementation to the Corporate Records Manager. The Common Clerk is also the designated Head of the Right to Information and Protection of Privacy Act (RTIPPA) for the City. The Corporate Records Manager is responsible for overseeing the design, implementation, and maintenance of the Policy, administering the Information Management Program, overseeing lifecycle management of corporate records, stewardship of the SharePoint 2010 working architecture, control over the EIMS systems including quality assurance and metrics reporting, providing Records and Information Management training and awareness sessions as well as monitoring compliance. The Access and Privacy Officer is responsible for administering the Right to Information and Protection of Privacy Program; ensuring that privacy implications are considered in all the City’s activities; advising the City on the appropriate privacy safeguards that need to be implemented when the City is collecting, using, disclosing and disposing of personal information; providing training and awareness sessions; and monitoring compliance. The Manager of Information Technology Services has the responsibility for the management of technology in service delivery for the City including responsibility for security such that the integrity and authenticity of records are maintained and for providing IT training to employees. The Manager of 6 Information Management Policy for the City of Saint John Information Technology Services is also responsible for providing adequate technological infrastructure to ensure the integrity of all electronic information assets. Ultimate accountability for holding employees responsible for complying with the City’s policies including the privacy policies, standards and applicable legislation rests with the City Manager, City Solicitor and Common Clerk. Commissioners and Service Managers must provide management support and leadership by ensuring:  that employees are working with the EIMS and are held accountable for accurately identifying information created and appropriately stored;  effective organization of information throughout their units;  the sound implementation of investment decisions in the management of information and technology;  the ongoing performance measurement of the management of information;  employee compliance competency assessment in annual performance reviews;  that Records Coordinators with a sound knowledge of the information are assigned in the business unit; it is not suitable to assign casuals or summer students to perform the tasks of Records Coordinators as they lack the requisite knowledge to manage the unit’s information and to make decisions concerning the lifecycle management and protection of the business units information assets;  that Records Coordinators (identified and designated at the business unit level) and Commissioners are responsible for supporting records and information management practices as defined by the Policy within their respective areas; and that  City employees are responsible for protecting all information within their realm of responsibility as defined by City policies, standards, guidelines, and applicable legislation. 9. MONITOR AND REVIEW The Policy is subject to review within two years from approval date. The Information Management Program will be subject to review and audits will be conducted by an audit committee established by the Office of the Common Clerk. The audit committee may be comprised of a cross-departmental internal committee or by an independent third party. 10. IMPLEMENTATION The Policy will be implemented upon approval by Common Council. 11. AUTHORIZATION This Policy has been approved by Common Council on September 18, 2012. 7 Information Management Policy for the City of Saint John 12. RESOURCES Print Resources The Municipal Records Authority for New Brunswick (MRA), Municipal Records Management Steering Committee of the Provincial Archives, and the Association of Municipal Administrators of New Brunswick (2011), Fredericton: Government of New Brunswick Office of the Common Clerk (2007), ERMS (MRA/RME Integration): File Plan and Disposition Instructions. Saint John: City of Saint John Human Resources The City recognizes that a Records and Information Implementation Team initially comprised of the Corporate Records Manager, Access and Privacy Officer and Records Coordinators will evolve into corporate Records and Information Management Committee as the program is introduced to business units across the organization. 13. PROCEDURES Information Management procedures will be developed in consultation with the Corporate Records Manager. 14. GLOSSARY Asset Anything that has value to an organization Capture A deliberate action which results in the registration of information into an information management system. For certain business activities, this may be designated into electronic systems so that the capture is concurrent with the creation of records. Classification / Classification System The systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules represented in a classification system. Disposal /Disposition Refers to the range of processes associated with implementing information retention, destruction or transfer decisions which are documented in authorities or other instruments Disposition Schedule 8 Information Management Policy for the City of Saint John The records retention and disposition schedule gives the City authority to dispose of records it no longer requires. Also known as a retention schedule. Electronic Information Management System (EIMS) A recordkeeping system that manages electronic records and information throughout their lifecycle, from creation, receipt and capture through to their destruction or permanent retention and retains their integrity and authenticity while ensuring that they remain accessible. Also referred to as Electronic Management System for Records (EMSR), Electronic Records Management System (ERMS), Electronic Document and Records management System (EDRMS) Information Information generated or received by the City or its employees and used in the operation of our organization. Business information includes records, data, and documents stored in any form (e.g., paper, electronic, audio and video recordings, and imaging media). Information Management A discipline that directs and supports effective and efficient management of information in an organization, from planning and systems development to disposal or long-term preservation. Lifecycle of a Record The stages of activity between the creation or receipt of a record and its final disposition. There are five stages in the lifecycle of a record; namely, the creation, receipt, active use, semi-active use, infrequent (inactive) use and final disposition. Records are also said to have three ages based upon their reference or use: active, semi-active, and inactive. Provincial Archives of New Brunswick (PANB) The body responsible for selecting, acquiring, preserving records of historical or continuing value and making them available for future posterity. The PANB has determined the classification scheme and the records retention and disposition schedules for municipalities. The Municipal Records Authority for New Brunswick (MRA) The classification plan and mandatory retention schedule for municipalities in the Province of New Brunswick. Public Record The books, papers and records kept by or in the custody of an officer of the Province, a municipality or a rural community in the carrying out of his or her duty as that officer are vested in Her Majesty the Queen and her successors. Record 9 Information Management Policy for the City of Saint John Record means a record of information in any form, and includes information that is written, photographed or stored in any manner, on any storage medium or by any means, including by graphic, electronic or mechanical means, but does not include electronic software or any mechanism that produces records. 15. INQUIRIES For more information on the Policy, please contact the Corporate Records Manager in the Office of the Common Clerk. 10