Outsourcing digital data storage can relieve pressure on storage capacity and ICT resources while reducing costs. However, there are potential risks to the viability, access and use of the records. It may also be difficult to ensure that all copies of digital records are accounted for when they are destroyed or removed from storage.
Many of the records management risks can be mitigated once they are recognised. One of the strategies to mitigate risks is to perform due diligence; ie take care when evaluating a provider before entering into a contract. A records management risk assessment template is provided that can be used as a starting point to evaluate digital storage options.
The Transfer of custody of records under Australian Government outsourcing arrangements authorises Australian Government agencies to transfer custody of Commonwealth records to contractors and sets out the terms and conditions that apply.
Some of the main information management risks are outlined below.
A number of laws affect how Australian Government agencies create and manage their records and information. Agencies must ensure that their choice of offsite storage provider does not put them in breach of any of the legislation to which they are subject.
Outsourcing storage does not lessen an agency's obligation to ensure that its information is managed, made accessible and disposed of accountably. Management of the information by the storage provider must also be accountable and in accordance with legal requirements.
To reduce the risk of breaching regulatory requirements:
Risks arise if data is stored in a jurisdiction that does not maintain appropriate standards or is not legislatively comparable to that of the agency. Some jurisdictions may have the power to demand access to all information, including classified information. Some may apply different laws to stored information, even if the information did not originate there. Storing information in such a jurisdiction may be a breach of legislation.
To reduce the risks associated with storing information in unknown jurisdictions:
The consequences of information being accessed without authorisation can be very damaging, particularly if the information is sensitive or personal. This may occur if a storage provider accidentally or deliberately discloses information to parties outside those specified in the contract.
In addition, new information is created when stored information is accessed or updated, or when changes are made to equipment in the storage facility. This transactional and relationship information may include details of the person(s) who has accessed the information, including location (if accessing information through internet portals or intranets), name or identification, and activities carried out. This information also needs to be protected from inappropriate access.
To reduce the risk of unauthorised access to, or use of, information ensure:
If information is stored offsite, the storage provider must have adequate access controls and security measures, and be able to provide an appropriate level of security for personally sensitive material.
To reduce the risk to privacy:
Access to information may be lost as a result of a disaster if the provider has not performed appropriate backup. Cloud computing services may be affected by internet service disruption.
Reduce the risk of loss of access to information by:
Timely access to information may be lost if the storage provider, whether a data centre, digital repository or cloud computing service, goes out of business or is taken over by another company.
When a storage provider goes out of business, agencies may not be able to access their information and could lose control of vital business records.
If new owners of the storage facility do not honour previous arrangements, agencies may not know who has access to their information.
Reduce the impact by:
When storage providers upgrade hardware or software, there is a risk that agency software may no longer be compatible. The use of open formats supports readability and reduces the risk of information becoming unreadable.
Reduce the risk by:
Evidential value of government records can diminish if their authenticity cannot be proven. Potential risks to authenticity can be unsuccessful migration undertaken by the provider, information not being properly secured, unknown access or access that is not logged and backups not being routinely performed.Reduce the risk of evidential damage for information, check the storage provider:
Metadata makes information findable, usable and authentic. Mismanaged metadata may result in unusable information because it is difficult to find, understand, or authenticate.
Reduce the risk of metadata not being appropriately maintained:
When storing information offsite any disposal actions should be transparent and appropriately carried out. Factors to be considered include the removal of copies created during the transfer process and ensuring that removal or destruction of information is in accordance with the appropriate records authority. The Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual set out requirements for rendering backups or copies unreadable and irretrievable. Cloud storage poses a particular problem because, by design, it creates multiple, geographically distributed copies to maintain availability. It may not be possible to verify that records have been destroyed and agencies must factor this risk into their use of the cloud.
When managing the disposal of records stored offsite consider:
Australian Government agencies should undertake appropriate assessment and checks when entering into any contract for an outsourced service. When storing digital information, questions that should be asked include:
What is a data centre?
A data centre houses computer systems and associated components such as servers, networks and data storage systems. Data centres are purpose built, permanent, shared enterprise facilities that can contain a full range of ICT equipment for agency use.
What is a digital repository?
A digital repository is used to retain and manage digital information, and aims to ensure the usability of stored digital objects over time. The term 'digital repository' is often interchangeable with 'institutional repository' and 'digital archive'. Common types of digital repositories include national libraries and archives, subject-based repositories or scientific-data archives.
What is cloud computing?
Cloud computing can be described as information technology resources delivered as a service through a network. These services may include procurement of software, platforms, infrastructure, or a combination of these. Outsourced cloud storage services may involve sharing, creating or storing information on remote servers accessed through the internet.