Embed Size (px)
Citation preview
Sytze Visser:ECM & BPM
DATACENTRIX
The Risks and Vulnerabilities of NOT implementing an
effectiveRecords Management System
The paperless office..?
The high-tech paperless toilet, which delivers a clean and dry posterior without the need for tissue paper, has arrived from Japan.
Read more: http://www.dailymail.co.uk/sciencetech/article-1160707/Introducing-high-tech-paperless-toilet-leaves-clean-dry-tearing-trees.html#ixzz16HQWfOPG
ZA Legislative Landscape
• ECT Act, Oct 2001• PAIA, Nov 2001• FICA, Dec 2001• FAIS, Nov 2002• RICA, July 2009• King III, March 2010• 25+ Laws...• And now POPI – 2011?
ECT Act, Oct 2001
“Information is not without legal force and effect merely on the grounds that it is wholly or partly in the form
of a data message.”
• Created:– Opportunity for Digitization– Reduced use of paper records– Increased reliance on ECM Solutions– A focus on managing Records Adequately.
PAIA, 2001 : Promotion of Access to Information Act
“Disclosure of information held by a private or public body”
• Created:– Requirement for compiling a PAIA Manual– A requirement for a mechanism of information
disclosure.– A focus on managing Records Adequately.
FICA, Dec 2001: Financial Intelligence Centre Act
“Establish identity of clients prior to transacting with them to combat money laundering”
• Created:– An increase in paper-based records.– A requirement for a mechanism of information
disclosure.– A focus on managing Records Adequately.
POPI, 20-soon : Protection of Personal Information Act
“The purpose of the POPI Act is to protect personal information assets of public and private bodies”
• Will create:– An increase in managing structured and unstructured
records.– A focus on managing Records Adequately.
Why all these laws?
• Confidence is created through governance.
• South Africa is part of the world market.
• We have to demonstrate:– Solid Records Management principles– Respect of privacy– Openness and disclosure– Actively combating Crime
The threats to you business...
• Legal risk– Criminal fines R1M - R10M (ECT, FICA)– Inability to prove/disprove facts – disciplinary hearings– Inability to respond to public requests (PAIA, POPI, ECT)– Keeping records without evidential weight (ECT)– Slow or impossible data discovery/recovery (ECT, FICA,
FAIS, POPI)– Keeping records meant to be destroyed (ECT, POPI)– Keeping wrong records for wrong periods (ECT, POPI)– No version control (All...)– Seizure of Equipment by Regulator (POPI)– ....many more risks
The threats to you...
Good records Management...
Do you have a choice?
Flip side of the coin
The Opportunities of implementingan effective Records Management System
Why do we keep Records?
• Compliance
• Evidence
• Operations
• Security
On the Bright side: Step 1
Define a Records Management Policy that contains:
• Rationale and purpose• Definitions• Scope of Application• RM Officer• RM Management
Committee• Storage Centre/Archive:
Paper/Microfilm/Electronic
• Records Identification• Records
Classification/Naming• Records Access• Retention and Storage
• Records Archiving• Disposal & Destruction• Version Control• Security• Public Information
Requests• Confidentiality• Email Classification• Electronic evidence• Business continuity• Disaster recovery• Ownership and Copyright• Policy violation
Next steps...
• Step 1: Develop/Revise RM policy
• Step 2: Assess current state
• Step 3: (Re-prioritise Projects According to Risk & Vulnerability)
• Step 4: Engage in project(s)
• Step 5: Assess Outcomes
• Go back to Step 1!
Achieving Operational Excellence through RM
HousingHousing Water and SanitationWater and Sanitation ElectricityElectricity License /
TrafficLicense /
Traffic
RM 4RM 4RM 3RM 3RM 3RM 3RM 2RM 2RM 1RM 1RM 1RM 1
Federated Records ManagementFederated Records ManagementFederated Records ManagementFederated Records Management
Off-site Paper Storage
On-site Paper Storage
Electronic Document RepositoryElectronic Document RepositoryElectronic Document RepositoryElectronic Document Repository
Thank You
Thank You
