Ohio Electronic Records Committee Home

 About the TIS Working Group
Acknowledgements

Ohio Trustworthy Information Systems Handbook: Section 8

How do you apply the Trustworthy Information System criteria?

 

The Trustworthy Information Systems (TIS) criteria can be used in many ways depending on your agency’s particular situation. Use of the criteria varies depending on a number of agency-specific factors such as:

  • Agency information needs and policies
  • Information system size, type, and scope
  • Phase of information system development life cycle
  • Agency size, staff, and procedures

The TIS criteria set presents itself much like a cafeteria line, with a wide array of criteria choices in different categories. The costs for implementing any of the criteria vary. If you think about a cafeteria line, customers make choices based on their hunger, dietary needs, and budgets. Most customers think about all the risks of buying an item that’s not in their budget or diet. If a customer buys two desserts along with an entree and a beverage, the result may be a stomach ache, a few extra pounds, or not enough money to go to a movie after dinner. For another customer, those two desserts may have no effect on their health, girth, or pocketbook.

In the TIS criteria cafeteria line, agency information system development teams face similar choices:

  • What criteria items do we absolutely need to do our business and to meet information requirements?
  • Which ones would be nice to have?
  • What are the costs of implementing selected criteria?
  • What are the costs (up-front and hidden) associated with not implementing them?

Agencies have different information needs and operate under different policy mandates and statutes. What’s important to one agency may have little relevance to another.

When can you apply the criteria?

Obviously, establishing the trustworthiness of an information system is a process most easily undertaken during the analysis/planning phase before the design is nailed down.

The steps, in this instance, are to:

  • Determine the value of your data
  • Weigh that value against the costs (time, money, etc.) of implementing each criteria
  • Choose only those criteria that support your determined level of risk
  • Implement
  • Document your choices (including handbook version, refer to Appendix A) and actions
  • Reassess needs and risks on a regular basis

The criteria set can also be used to examine systems that are already in place—your legacy systems. Documentation of what you presently have can serve as a check on how well the system is set up to meet your various requirements. The steps in this instance are to:

  • Decide the value of your data
  • Examine your system with reference to the criteria
  • Determine which are already in place
  • Ask whether your current system configuration offsets your risks
  • Choose additional criteria for implementation after weighing the costs
  • Implement
  • Document your choices (including handbook version, refer to Appendix A) and actions
  • Reassess needs and risks on a regular basis

Who has used the criteria?

Four Minnesota state agencies and one Minnesota local government agency already have used the TIS criteria set during the criteria’s draft/testing phase. The agencies, representing a variety of government business and information needs and policies, agreed to let the Minnesota State Archives field test the criteria set on their information systems projects. The systems were at various phases in the system development life cycle. Each of the agency development teams found the criteria useful and relevant to their particular situation.

You can read more about the field test cases in the Appendices section. The test case descriptions will give you an idea of how you might want to get started using the criteria. Keep in mind, however, that you don’t need to choose the same criteria or use the same methods as these agencies. Remember: What worked for one agency may not work for yours.

What tools are available to help?

The Legal Risk Analysis Tool (refer to Appendix G, only available online) will assist you in assessing the legal risks associated with your data. The TIS criteria worksheet form (refer to Appendix G) was useful for recording information during agency field test evaluation sessions. The form lists all of the criteria in table format (Microsoft Word 95) and contains sections for recording evaluation responses to each criteria.

Any time is the right time to start considering the information system trustworthiness. So, let’s jump into the criteria set.

What are the criteria for a trustworthy information system?  

Go to Table of Contents

Ohio TIS Handbook last updated November 2001, Version 1.
Ohio Electronic Records Committee