Ohio Electronic Records Committee Home

 About the TIS Working Group
Acknowledgements

Ohio Trustworthy Information Systems Handbook: Section 9

What are the criteria for a trustworthy information system?

 

 

QUESTIONS TO ASK

What laws and/or regulations (state and federal) apply to the data within your system?

What are your industry’s standards for system security?

What are your industry’s standards for data security? What areas/records might lawyers target?

What areas/records might auditors target?

What data is of permanent/historical value to you and/or to others?

Introduction

The following criteria outline the best available practices for implementing a trustworthy information system. The most appropriate practices for a particular system may comprise only a certain number of these. Agencies choose what is reasonable and practical depending on a variety of factors. The important point is to make, justify, and document your choices in order to ensure consistent application and your agency’s accountability for its decisions.

The criteria range from system- to record-level and are categorized into five main groups:

  • system documentation
  • security measures
  • audit trails
  • disaster recovery plans
  • record metadata

Each of these areas contain specific criteria as well as items for further consideration:

  • Did You Know highlights items drawn from Ohio government sources concerning information systems and records management.
  • Points under Consider This expand upon the criteria.
  • The left-hand sidebar offers general Questions to Ask while working with the criteria set; those opposite a particular criteria group are complementary to its issues.

The criteria set will be updated as necessary to reflect new information. Sources are listed in the Bibliography section of this handbook.

Criteria Group 1

Go to Table of Contents

Ohio TIS Handbook last updated November 2001, Version 1.
Ohio Electronic Records Committee