Skip to Content

Data Security and Protection in Public Sector Records Management

Tags:

Data security and protection are essential prerequisites for deploying an electronic records management system. In essence, this means you must take the following five crucial issues into account :

  • Authentication: Access to a system must be restricted to only authorized users, and the system must ensure that other users cannot assume their identity to gain access to the system.
  • Authorization: Users must be restricted to only those tasks for which they are authorized.
  • Integrity: Data cannot be changed unless user is authorized to do so.
  • Confidentiality: Reliability and adherence to legal obligations must be ensured.
  • Recording and logging: All activities and events must be recorded so that they can be accessed at a later stage.
  • Authorization Level: An authorization level (e.g. confidential, secret etc.) can be assigned to a document. Via this level a user gets access only to document where he has the authorization.
  • Access control lists: The records manager can assign a record, case or document to an access control list. Only users belonging to this list have access to the corresponding records, case or document.



Authorization Level :

  • Are a linear ordered set of access control markings, which represent security categories to protect the access to classes, folders and records within ERMS. Example-

               i.   Top Secret (highest level)

               ii.  Secret

               iii. Confidential

               iv. Restricted

               v.  Unclassified (lowest level)  

  • The Authorization Levels are customizable.
  • A higher level encompasses all lower levels.
  • Path for the customizing of Authorization Levels: Records and Case Management → Authorizations → Authorizations for The National Archives (TNA) → Create Values for Attribute 'Authorization Level'



    

Access Control :

  • Two key attributes for Access Control

               i.  Access Control: Users  where only SAP users can be entered

               ii. Access Control: Groups  can be maintained via transaction SO23

  • Access Control Lists for Groups are Distribution Lists (DL) in the SAP system.
  • In order to find a DL enter the name of the DL (wild cards are allowed), press Find.
  • Double click on the marked line leads to details of the DL.
  • When you press tab Attributes you find the assignment to a folder. If you are in the edit mode, the F4 help gives you the option to create a new folder.
  • In order to create a DL enter the name of the DL, press Create.
  • The system ask for a folder immediately. Enter an existing folder or – if necessary create via the F4 help a new folder.
  • Save the DL.
Former Member

No comments