FBI Electronic Recordkeeping Certification Manual

Prepared for:

Department of Justice
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001

April 30, 2004

Under Contract GS-23F-97806F
Document Control Number: 1970061--ERKM--Final V1.0

Prepared by:

SRA International, Inc.
2000 15th Street North
Arlington, VA 22201

For Official Use Only

Executive Summary

The mission of the Federal Bureau of Investigation (FBI) is to uphold the law through the investigation of violations of federal criminal law; to protect the United States from foreign intelligence and terrorist activities; and to provide leadership and law enforcement assistance to federal, state, local and international agencies. Vital to the support of the FBI mission is the implementation of records management policies and procedures that ensure the proper creation, maintenance, use and disposition of records.

The FBI, like all other Federal agencies, is required by statute to "make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency." [1] This practice of ensuring "adequate and proper documentation" [2] is essential to efficient and economical agency operations by guaranteeing that information is documented in official files, including electronic recordkeeping (ERK) systems, where it will be accessible to all authorized staff that may need it.

As the FBI evolves from paper-intensive records and information management systems to more electronic, paperless records and information management systems, electronic information systems (IS) containing records must comply with the policies and procedures governing the management of FBI records.

The Assistant Director of the Records Management Division (RMD) is the FBI Records Officer (RO). On April 29, 2002, the Director of the FBI delegated to the Records Officer the authority to determine what FBI information constitutes a record under Federal Law and the authority to approve, or withhold approval of, any electronic information or knowledge management (KM) system in use or under production. [3] No electronic information or knowledge management system is to be utilized in the conduct of FBI business without the approval of the FBI RO.

The RO's highest priority is to ensure that support for records management criteria is incorporated into requirements specifications and test plans of new information and knowledge management systems. The second highest priority is to review existing systems within the FBI to ensure compliance. Development efforts may continue on new information systems; however, it is incumbent on the Project Manager of any information or knowledge management system in development to ensure coordination with the Records Officer, as the system may not become operational absent RO authorization. To this end, the FBI created the Electronic Recordkeeping Certification (ERKC) process as described in this manual.

Implementation of the ERKC process ensures that the systems the FBI develops and maintains comply with statutory and agency electronic recordkeeping requirements. The ERKC process incorporates electronic recordkeeping requirements into the system development life cycle (SDLC) so that all system development activities can appropriately consider electronic recordkeeping issues from the earliest stages of acquisition and design.

The ERKC is a process used to evaluate system compliance with records management criteria. The process is designed to guide system sponsors and developers in assessing and incorporating records management criteria into system requirements specifications, and then ensuring fulfillment through review of documented test results. The ERKC process consists of identifying systems that contain records, helping System Owners and developers understand ERK criteria, ensuring that system requirements specifications satisfy ERK criteria, and validating ERK functionality through review of system test results.

Forming partnerships with other information professionals is essential. The ERKC process is designed to leverage the outputs from existing IT systems management processes to minimize redundant data capture and reduce the burden on systems development and management activities.

[1] Federal Records Act, Title 44 U.S.C. § 3101 (1950).
[2] Phrase was originally used in the Federal Records Act of 1950 that established records management as a basic responsibility of all Federal agencies.
[3] Records Management Division Delegation of Authority to the Agency Records Officer, Electronic Communication (EC), Case ID # 66F-HQ-A1358157; April 29, 2002.


TABLE OF CONTENTS

Executive Summary
Section One--Introduction
  1.1 Objectives of the Manual
  1.2 The FBI Electronic Records Management Program
  1.3 Goal of Electronic Recordkeeping Certification Process
  1.4 Electronic Recordkeeping Certification (ERKC)
  1.5 Availability and Comments
Section Two--Electronic Recordkeeping Certification (ERKC) Process
  2.1 Overview of the ERKC Process
    2.1.1 Phase 1: Definition
    2.1.2 Phase 2: Verification
    2.1.3 Phase 3: Validation
    2.1.4 Phase 4: Post Certification
  2.2 ERKC Process for New Systems
    2.2.1 Definition Phase
    2.2.2 Verification Phase
    2.2.3 Validation Phase
    2.2.4 Post Certification Phase
  2.3 ERKC Process for Legacy Systems
    2.3.1 Validation Phase
    2.3.2 Post Certification Phase
Section Three--Roles and Responsibilities
  3.1 Records Officer ERKC Responsibilities
  3.2 System Owner ERKC Responsibilities
Appendix A--References
Appendix B--Glossary
Appendix C--ERK Assessment Criteria
Appendix D--ERKC Process Flow for New Systems
Appendix E--ERKC Process Flow for Legacy Systems
Appendix F--Risk Management
Appendix G--System Evaluation Process Details
Appendix H--ERK Criteria Tailoring Tool
Appendix I--ERK Compliance Evaluation Worksheet
Appendix J--ERK System Certification Report Template
Appendix K--ERK Certification Letter Template
Appendix L--Sample ERKC Electronic Communication Template
Appendix M--FBI RMA Metadata List

LIST OF FIGURES

Figure 2-1. The ERKC Process Relationship with Other IT Management Processes
Figure F-1. ERKC Risk Analysis Process
Figure G-1. ERK Validation Phase Process

LIST OF TABLES

Table 1-1. Document Section Contents Summary
Table 2-1. ERKC Definition Phase - New System
Table 2-2. ERKC Verification Phase - New System
Table 2-3. ERKC Validation Phase - New System
Table 2-4. ERKC Post Certification Phase - New System
Table 2-5. ERKC Validation Phase - Legacy System


RECORD of CHANGES

Version/Change | Date | Description | Entered By
