Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Managing Workplace Information
Transcript of Managing Workplace Information
Managing the variety of information generated by businesses today is an onerous task, especially with the increasing volumes of electronically created documents resulting from remote workforces and the use of mobile messaging.
Accountability requirements, legal compliance and e-discovery mean that information managers must keep abreast of changes, keeping in mind that ignorance and apathy are not accepted in courts of law. While technological changes assist businesses in meeting these requirements by providing speedy, efficient ways of communicating and storing information.
As most information is stored on file servers, which are basically electronic filing cabinets that hold terabytes of data, systems that allow for the logical storage of the information need to be established if a business is to operate successfully. One of the first steps in achieving this is through the development of suitable metadata structures.
Metadata is structured information that relates to the how, when, where and why a record is created. This information includes the file name, reference number, keywords, retention, disposal, author and workflow of a document. With paper-based systems, the capture of this information is quite easy; however, the ability to ensure digital records are captured, maintained, retained, preserved or destroyed according to legal and organisational requirements requires great cooperation between all sections of an organisation.
Ongoing training in managing workplace information should be an integral part of every employee's professional development. One of the first steps in this training is to develop an understanding the process of turning data into knowledge into information.
TYPES OF INFORMATION
The success of a business depends on its ability to deliver the right information to the right person at the right time. Failure to do so can her impact negatively on customer experiences, employee productivity and profitability. One of the difficulties faced by managers is trying to categorise the different types of information. This is further complicated by the fact that there are, to date, no internationally agreed definitions available. Two generally accepted categories are knowledge management and information management.
Knowledge management is the organisation's framework for designing and implementing procedures and practices that are used to identify, collect and distribute knowledge so that people can do their jobs effectively. This knowledge is categorised into two areas: explicit and tacit knowledge.
Explicit knowledge is knowledge that can be documented in electronic or written format, stored and archived as evidence of business activity. It can be further classified into unstructured information, which includes paper files, emails, web content, manuals and patents, or structured information such as information in databases, for example, accounting records.
Tacit knowledge is the 'know how' knowledge that is stored in the minds of employees, contractors or other business representatives. Identifying tacit knowledge is a major challenge for most organisations because of its intangible nature.
The first step in managing knowledge is ensuring that all the knowledge is documented. While most businesses have a reasonably adequate process for collecting explicit information, many fail to capture tacit information.
Emails about new issues or competitive intelligence
Written comments on a report or news item
Documented opinions on problem or situation
Lists of subject experts
Documented ratings of experts
Unrecorded meeting discussions
Off-the-record talks with government officers
Competitive intelligence from customer or industry contacts
Verbal comments on a report, or news item
Verbal comments on problems and possible solutions
People with 'know-how'
Opinions on expert quality
Because of the value of explicit and tacit information to an organisation, many employers use trade clauses in their employment contracts ti prevent employees using information to gain competitive advantage. However, the enforcement of these clauses is problematic because the law regards them as invalid unless the former employer has a legitimate commercial interest that requires protection, and the clause is reasonable in its scope.
Once knowledge has been turned into information, the next step is managing that information. This incorporates accessing, processing and controlling documents to ensure their accuracy and usability, so they create value both for the business and its customers.
Information management covers areas such as:
web content management - including internet, extranet, podcasts and web casts
document management - the creation, flow and storage of documents
records management - the capture, maintenance and access to records over time, including digital information (often referred to as digital asset management).
Because of the rapid influx of electronic documents and the different types of information created within an organisation, there are serious challenges encountered by information managers. Some of these challenges include:
little integration between different types of information systems
lack of foresight by management into future strategies and directions
limited understanding and poor adoption of existing information systems by staff
poor-quality information, including lack of consistency, duplication and out-of-date information
little recognition and support of information management by senior management
limited resources for deploying, managing or improving information systems
large numbers of diverse business needs and issues to be addressed
difficulties in continually changing staff working practices and processes
no provision of a thesaurus that provides definitions and classification schemes
Accountability means being able to provide an explanation or justification of one's actions in relation to events or transactions. Because records underpin accountability, ad hoc record-keeping practices significantly increase the risk or organisations being unable to account for their decisions, actions or inaction's. Therefore, strict procedures need to be defined for all record-keeping environments, including the roles of management and employees. This can be assisted by the inclusion of clear, detailed record-keeping guidelines in the organisational policies and procedures manual (OPPM). Although these guidelines will differ from business to business, both public and private organisations need to be aware of their responsibilities in complying with internal and external accountability requirements. Part of this process involves adhering to basic mandatory principles.
PRIVACY AND CONFIDENTIALITY
COPYRIGHT AND INTELLECTUAL PROPERTY
LEGAL AND ADMINISTRATIVE REQUIREMENTS
The regulation of record-management practices and procedures ensures that uniform protection is given to all records, and that information can be efficiently and effectively retrieved using standard forms of identification and retrieval procedures.
Creating the records as prescribed by legislation
Retaining the records for the statutory time as required by legislation
Determining whether the records are admissible as evidence in a court of law
Ensuring that the medium chosen for storage is acceptable under the legislation
Ensuring that the records contain all the information or variables as required by legislation
Ensuring that information is stored, updated, secure, and limits are applied to access and disclosure
The main reasons accountability requirements are not met are because of failure to:
create records in the first place
maintain complete records or accurate records
capture records into the record-keeping system to ensure that they are not destroyed and can be found when required
keep the records for the required period of time
maintain a disposal schedule to ensure that all records are given the correct retention period
maintain a complete corporate memory of the organisation's business activity
give clear directions or support in the functional areas of records management
implement a suitable training program for all personnel
assign responsibility for different aspects of record keeping at appropriate levels
observe legislation and standards
LEGISLATION AND STANDARDS
Impose an obligation to manage information in a certain way
Maintaining accountability and compliance is difficult therefore businesses need to develop policies and procedures and provide training to all employees
ATTRIBUTES OF A RECORD
Queensland Government Acts
Limitation of Actions 1974 (Qld)
Privacy Act 1977 (Qld)
Audit Act 1977 (Qld)
Freedom of Information Act 1992 (Qld) Regulation 2006
Training and Employment Act 2000 (Qld)
Electonic Transactions Act 2001 (Qld)
Commonwealth Government Acts
Public Service Act 1992 (Cwlth)
Copyright Act 1968 (Cwlth)
Insurance Act 1973 (Cwlth)
Evidence Act 1977 (Cwlth)
Occupational Health and Safety Act 1994 (Cwlth)
Income Tax Assessment Act 1997 (Cwlth)
The above list only covers some of the legislation that applies
AUSTRALIAN AND INTERNATIONAL STANDARDS - AS ISO 15489
The benefits of records management
The regulatory considerations
The importance of assigning responsibilities for record keeping
The design of record-keeping systems
The processes involved in records management such as capture, retention, storage and access
The development of records management policy and responsibility
The development of process and controls
Monitoring, auditing and training programs
Complete Q 3 on Page 180
- DOCUMENT MANAGEMENT
Benefits of an effective Records Management system
Secure and quick access to authentic and accurate information
Control over the creation and growth of information
Simplification of business processes
Reduction in operating and storage costs
Compliance with laws and standards
Faster and better decision making due to access of information
Provide evidence of what and when an event has happened and who has made decisions
Have integrity (honest and reliable content)
Be authentic (is what it claims to be)
Be reliable (full and accurate representation of transaction)
Have good usability (can be located presented and interdepended)
ESTABLISHMENT AND MANAGEMENT OF SYSTEMS
Suitability of a System
Storage of files need to be structured in either
Suits business that requires individual departments to retain and be responsible for their own records management
Immediate access to files
Quicker attention to customer inquiries
Files set up suit individual departments
Suits business that requires all the business's records to be stored and managed in one records management department
Efficient control, protection and security
Development of standard procedures
Efficient use of equipment
Reduction in operating costs
the development of standardised procedures
Cost effective use of personnel
CLASSIFICATION OF INFORMATION
All records can be categorised as:
Transactional - low value, routine documents related to business functions that remain active for financial year then stored for 2/7 years e.g. customer correspondence
Business documents - medium to high value documents e.g. policies, contracts, human resource documents. Sensitive for a short time, then can become knowledge documents.
Knowledge documents - high value documents managed intensively initially and then stored/archived.
Vital - necessary to survival/continuity of workplace e.g. accounts, contracts, policies, financial and legal documents
Prime - A collection of vital records and core business documents, such as client records, which should be backed-up daily and stored off-site. These documents are crucial to business continuity after a disaster
Active - constant access required for day-to-day running of business
Inactive - records kept for required period of time. usually converted to anther media e.g. CD-ROM
Archived - Records kept legal, historical or research purposes and not needed for day-to-day use. E.g. maps, documents, films etc
MAINTAINING INTEGRITY OF INFORMATION SYSTEM
(How to protect records)
Digital signatures: an image of a writer's signature
used to seal any electronic documents by using encryption
Version control: used to track changes. Ensures everyone is using the latest document.
PROTECTING ELECTRONIC DOCUMENTS
Need to keep track of all files
One person usually responsible for allowing access to files
When files are removed then an OUT CARD needs to be completed and inserted where the file is located
Name of file
Who has the file
When it will be returned
Managing Inactive files: Care of inactive records
Need to determine which records will be kept and which will be destroyed
Computer-based: constant temperature
Paper-based: files stored in temperature and humidity controlled environments
Regular checks: water seepage, mice, silverfish, cockroaches, fire protection
Protection from unauthorised persons
REFER TO PAGE 210
Retention and Disposal Schedule
Important because of legal requirements
An efficient disposal schedule outlines:
Type of record
Retention period for each type of record (see P214)
Method of disposal
Date of transfer from inactive to disposal
Destruction of records
Permission must be obtained from an authorised person
Paper documents need to be shredded
Non-destructive e.g. software overwriting
Destructive e.g. mechanical shredding, degaussing (strong magnetic current) or drive melting (tearing equipment into pieces)
Archive records are kept for legal, historical and research purposes
Require special storage conditions
Paper-based records often converted to digital or micrographic form, depending on length of time of storage
SECURITY OF SYSTEMS
Breaching can be minimised by networking computers and using:
Audit trails: monitoring of network usage each time access is granted or denied
File access and deletion of security: Allows access rights to certain files/directories
Printer security: access to specific printers for particular users
Time and date security: denies access to sensitive information outside normal working hours
Restricted Access (explained next slide)
Restricted Access Security
Can be achieved through:
should be changed regularly and kept confidential
8 characters/combination of letters and numbers/upper and lower case
names of family friends, pets and date of birth should not to be used because they are too easy to identify
read-only access: Can not change information in files. Can only read files.
Biometric ID systems: e.g. finger prints, signatures, eye pattern, voice... are used to restrict access to certain areas
Smart cards: i.e changing codes that guarantees that users cannot access data without smart card both the security card and a personal identification number (PIN) are required.
Threats to data
Accidental Employee errors
Failure to backup information
Dropping of equipment
Carelessness leading to loss/theft
Inaccurate input of data
Accidental transfer of information to an incorrect person
Unlocked computers when away from station
Through emails e.g. scams, phishing, etc.
Disgruntled employees selling vital information, sabotaging equipment or interfering with data and/or equipment
Viruses: Protection through use of protective programs that detects and checks for viruses.
Hackers: Protection through use of data encryption
Environment needs to be protected from possible danger to records
E.g. Temperature, fires, power fluctuations, water damage, vermin
To overcome risks = > appropriate back-up procedures and strict control of storage of info
=> forms part of a disaster recovery system
The purpose of a classification scheme within a record-management system is to:
help staff determine where to file records
assist in accessing and retrieving records
allow sorting of documents into logical sequence
help keep track of document versions
meet statutory and other compliance requirements
Classification schemes for both paper and electronic filing should be easy to understand and follow, otherwise staff will not use them correctly, resulting in lost files and large amounts of time spent on searching for them. The best classification schemes are those in which records are classified according to the core business of the organisation. For example:
legal firms file according to clients and subject matter
events and project managers file according to the event or project undertaken
councils file according to customers or geographical locations
Turn to page 189
Records provide evidence of what happened, when it happened and who made decisions. When deciding on what constitutes a record, the following questions should be asked in relation to each item received or sent.
Is the item part of the daily business process?
Does the item provide input into an important business decision?
Does the item provide evidence as to why a business decision was made?
Is the item required for legal, fiscal, audit or tax purposes?
One of the greatest difficulties for records managers comes from the growing number of electronic records. Some of the problems encountered as a result of this are:
confusion between different versions of a document
loss of context because there is no link between related documents, that is, no document occurs in isolation-they always refer to the other documents to provide a whole picture
failure to link related paper-based documents to electronic documents
proof of authenticity due to possible manipulation of text
destruction of documents because of poor management practices
changes to organisational structures and systems
documents becoming unusable because changes in technologies
Document management is known as workflow or process management
E.g. receipt, tracking and storing of documents, images and multimedia files
One of the fastest growing areas of record creation requiring management's attention is email. Because electronic messages are relating to business activities are subject to legislation and legal processes- both criminal and civil - just the same as any other document, they must be managed accordingly. Procedures for capturing emails into the system in their complete form should be documented. This includes:
the author, their title and the name of the organisation
the receiver, their title and the name of the organisation
the date and time the message was sent
any attachments, links, graphics or sound
Employees should be educated on their responsibilities in ensuring that emails are captured correctly, using the following guidelines.
External emails received - the receiver is responsible for capturing it into the system. If multiple recipients are listed, the first person on the receiving list should take responsibility for this capture
External or internal emails sent - always the responsibility of the sender, which means that all staff within an organisation may have responsibility of capturing electronic messages at some time
Both small and large businesses still use paper documents, despite the continued vision of the paperless office. The storage of paper files needs to be structured and carefully managed. Within an organisation, paper files can be located in either a centralised or decentralised location.
Once a suitable system has been established, file-management control measures are implemented to protect all records. Areas contributing to difficulties in maintaining the integrity or records include:
failing to maintain compliance
disposing of records inappropriately
not meeting accountability requirements
breaches of privacy
deliberate or illegal destruction of records
inadequate record-keeping systems
When a file is deemed inactive, authority must be obtained to transfer it out of the active system, which is done on a prepertual (continuous) or periodic (at specific times) basis. Before being transferred from active to inactive, files should be checked thoroughly to ascertain which records need to be kept and which can be destroyed. Both paper files and digital storage boxes that are labeled with the box number and destruction date, and a record kept detailing the contents of each box. Boxes may then be transferred to a secondary storage facility.
Tracking active paper files
It is usually the record clerk's responsibility to keep checks on out-files, and this should be done at regular intervals to maintain the integrity of the system. If a barcoding system is used, a portable bar coder is taken to all departments and out-files scanned. This information is then taken back to all the departments and out-files are downloaded into the computer. If the information is recorded manually, the records clerk should check the files in all departments against the information on the corresponding out-cards.
Storing active files
Active paper files are stored in special housing units according to classification methods that suit the requirements of the organisation. Paper documents waiting further attention are stored temporarily in chronological order, using folders, lever arch files or box files until the matter is dealt with. When computerised information management system us used, daily checks are made and files that have to be dealt with on that day are brought up onscreen. All data stored on computers and other remote devicces must be backed-up consistently, which allows a business to continue after a system or hard drive failure, power outage or other disaster. Backing-up can be done by the individual organisation or by using the services of a storage specialist, depending on the amount of data.
Care of inactive files
Computer-based storage media must be maintained at a suitable and constant temperature and humidity level away from any magnetic fields. If tapes are still used, they should be tensioned regularly to provide continued reliable backup. despite the storage medium used, it should be tested regularly to ensure the information is still accessible, especially if new storage technologies are introduced. Paper records should also be stored in temperature and humidity controlled environments. If a business chooses to store its own paper documents, care needs to be taken to guarantee their protection over time. Some of the issues to be considered when archieving files are listed below:
Is the area secure from access by unauthorised persons?
Are the floors concrete?
Are smoke detectors fitted?
Are the shelves constructed of suitable material, such as wood that can deteriorate or metal that can rust?
Are the paper documents on quality paper? Do they need to be photocopied?
Have all the metal clips been removed?
Is there plenty of ventilation?
Is there no possibility of dampness or direct sunlight?
Are temperature and humidity levels constant?
Is the area kept dust free?
ACCIDENTAL EMPLOYEE ERRORS
Losses from accidental employee errors stem from ignorance and carelessness. Some of the dangers to information from accidents include:
failure to keep dust out of computers
failure to consistently backup information from portable devices
accidental dropping of equipment
careless off-site handling procedures for storage devices
carelessness when inputting data
accidental transfer of information to an incorrect person when using email
accidental transfer of amounts of money into incorrect bank accounts
leaving a computer unlocked when away from the workstation, allowing anyone access to information
Turn to page 223
As e-commerce continues to expand globally, cybercrime is becoming a much larger problem for businesses. Online criminals are skilled computer experts who know how to manipulate computers into providing them with information. They used software programs known as spyware to collect data - such as personal details including names, phone numbers, websites visited, online purhcases made and credit card information - and then send this information back to its source. These criminals also offer technical support and free updates to other criminals on their malicious creations.
A computer virus is a self-replicating computer program that attaches itself to an existing program, such as an application program, operating system or macro, with the intent of infecting or corrupting files on targeted computer. A virus can only spread from one computer to another with the help of a person who is unsuspectingly carries the virus via removable storage devices, or over a network or the internet. Some virus via removable storage devices, or over a network or the internet. Some viruses can be programmed to damage computer programs, corrupt hard drives or delete files, while others simply make their presence known by presenting messages via text, audio or video. Viruses tend to result in system crashes or data loss.
A computer worm is a self-replicating computer program that uses a network to send copies of itself to other computer terminals on the network, but unlike a virus a worm doe snot need the invention of another user, as it does not need to attach itself to an existing program. Worms harm the network, for example, by consuming bandwidth, whereas viruses infect or corrupt files on a targeted computer.
A Trojan horse is a program that installs 'back-door' software program onto an unsuspecting user's computer, allowing unauthorised remove access, usually with the intent to commit a crime. A Trojan horse is an actual file that cannot operate until it is executed.
Identity theft occurs when someone users another person's personal information without permission to commit fraud. It is important for employees to realise that this does not only occur over the internet or via email. It could be anyone: an employee, or a customer on the phone or in the store. Identity theft is not only growing, but processes are becoming increasingly sophisticated, with criminals using legitimate anonymisers, or web servers, to conduct illegal activity.