Organizations increasingly turn to cyber-based records management solutions, whether in the form of cloud storage, software as a service (SAAS), or the incorporation of digital signature or other electronic document processing requirements. While there are many benefits to incorporating e-records overall, staying up to date on security requirements for such records is essential, not only to ensure compliance with laws and regulations governing their use, but to protect them from potentially malicious attacks, unauthorized access, or natural or man-made disaster.
Cybersecurity and Data Protection were at the forefront of the November 1, 2017 Baton Rouge Lafayette ARMA Chapter meeting, where speakers Julia Breaux and William Sellers with EATEL Business gave an insightful presentation on how to assess an organization’s current practice surrounding electronic records for potential security risks, implement protective measures, and recover from the inevitable records management disaster, big or small. A copy of the presentation is available at this link: EATEL Business – ARMA Presentation (11-01-2017)
One of the tools highlighted during the presentation was The Cyber Resilience Review (CRR) Self Assessment Tool provided for free by the Department of Homeland Security. The tool assesses the overall health of an organization’s practices related to online records management and cybersecurity by posing questions related to ten domains, including asset management, controls management, vulnerability management, incident management, service continuity management, risk management, and others. After completing the questionnaire, the answers can be compiled into a free report, which analyzes each area for risk potential, overall compliance with national standards, such as NIST, and offers suggestions and solutions for tightening and streamlining security. In addition, the website features several more tools related to cybersecurity practices and organizational risk prevention, including checklists, a how-to guide for talking to an organization’s key stakeholders on the importance of security practices, as well as a cross-walk to the NIST Framework.
You can find more information and take the assessment at this link: https://www.us-cert.gov/ccubedvp/assessments