Outsourcing digital data storage can relieve pressure on storage capacity and ICT resources while reducing costs. However, there are potential risks to the viability, access and use of the records. It may also be difficult to ensure that all copies of digital records are accounted for when they are destroyed or removed from storage.
Many of the records management risks can be mitigated once they are recognised. One of the strategies to mitigate risks is to perform due diligence; that is, take care when evaluating a provider before entering into a contract. A records management risk assessment template is provided that can be used as a starting point to evaluate digital storage options.
Records management risk assessment template (pdf, 76kb) (Word, 1.1mb)
The Records Issues for Outsourcing including General Disposal Authority 25 (pdf, 111kb) authorises Australian Government agencies to transfer custody of Commonwealth records to contractors and sets out the terms and conditions that apply.
National Archives general advice on outsourcing.
Some of the main records management risks are outlined below.
A number of laws affect how Australian Government agencies create and manage their records and information. Some, such as the Privacy Act 1988, the Archives Act 1983, the Australian Information Commissioner Act 2010 and the Freedom of Information Act 1982, apply to most Australian Government agencies, while other laws are agency specific. Agency-specific legislation can cover diverse requirements. For example, it may require certain information to be created, or determine the format in which it is to be kept, how or where it is to be captured, and how and to whom it may be disclosed.
Agencies must ensure that their choice of offsite storage provider does not put them in breach of any of the legislation to which they are subject.
Outsourcing storage does not lessen an agency's obligation to ensure that its records are created, managed, made accessible and disposed of accountably. Management of the information by the storage provider must also be accountable and in accordance with legal requirements.
To reduce the risk of breaching regulatory requirements:
It may be difficult to identify precisely where an agency's information is stored, particularly in the case of cloud storage. The location of the cloud’s server may not be stated in the terms of service of the contract. This can be further complicated if a storage provider changes the location of records without notifying the agency, or uses a subcontractor. Additional problems can occur if data is stored in multiple locations at the same time.
Risks arise if data is stored in a jurisdiction that does not maintain appropriate standards or is not legislatively comparable to that of the agency. For example, some jurisdictions may have the power to demand access to all information, including classified information, stored in that jurisdiction. Different jurisdictions may have different privacy laws that apply to information stored within the jurisdiction, even if the information did not originate there. Storing information in such a jurisdiction may be a breach of legislation to which the agency is subject.
To reduce the risks associated with storing information in unknown jurisdictions:
The consequences of information being accessed without authorisation can be very damaging, particularly if the information is sensitive or personal. This may occur if a storage provider accidentally or deliberately discloses information to parties outside those specified in the contract.
In addition, new information is created when stored information is accessed or updated, or when changes are made to equipment in the storage facility. This transactional and relationship information may include details of the person(s) who has accessed the information, including location (if accessing information through internet portals or intranets), name or identification, and activities carried out. This information also needs to be protected from inappropriate access.
To reduce the risk of unauthorised access to, or use of, information:
Consider whether records that contain private or sensitive information should be stored offsite, or if it is more appropriate for them to remain under agency control. If the information is stored offsite, the storage provider must have adequate access controls and security measures, and be able to provide an appropriate level of security for personally sensitive material.
To reduce the risk of privacy being compromised:
Access to information may be lost as a result of a disaster, including fire or flood, if the provider has not performed appropriate backup. Cloud computing services may be affected by internet service disruption.
To reduce the risk of loss of access to information:
Timely access to information may be lost if the storage provider, whether a data centre, digital repository or cloud computing service, goes out of business or is taken over by another company.
When a storage provider goes out of business, agencies may not be able to access their information and could lose control of vital business records.
If new owners of the storage facility do not honour previous arrangements, agencies may not know who has access to their information.
To reduce the risk arising from a storage provider ceasing business:
Over time, a storage provider may need to upgrade its hardware or software. There is a risk that when records are returned to an agency, its software may no longer be compatible with that used in the provider’s facility. The information would therefore be unreadable and unusable.
The use of open formats supports readability of information over time.
To reduce the risk of data becoming unreadable or unusable:
Government records must be authentic and reliable. The evidential value of government records can diminish if their authenticity cannot be proven.
Risks to evidential value when using a storage provider may arise from unsuccessful migration undertaken by the provider, the information not being properly secured, unknown access or access that is not logged, as well as backups not being routinely performed.
To reduce the risk of evidential damage for the information:
ensure the contract provides that:
Metadata is the means by which digital information is confirmed as complete and authentic, and by which information is made findable and usable. Metadata is information that describes an object’s structure, context, content, and management through time. Mismanaged metadata may result in information that is unusable because it is difficult to find the information, understand its purpose, or be sure of its integrity.
To reduce the risk of metadata not being appropriately maintained:
Disposal is the means by which Australian Government information, after it has satisfied minimum retention requirements, can be transferred to the National Archives of Australia, or destroyed or disposed of in other ways. Disposal of Australian Government records is authorised by the Archives through records authorities.
When storing information offsite, it is vital that any disposal actions, including transfer or destruction, are transparent and appropriately carried out. Factors to be considered, regardless of who is conducting the disposal, include the removal of copies created during the transfer process and ensuring that removal or destruction of information is in accordance with the appropriate records authority.
The Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual set out requirements for rendering backups or copies unreadable and irretrievable, with requirements becoming more stringent as the security classification of the information increases. There are risks of information leaks, confusion about the validity of records, possible discovery costs and embarrassment to the agency if even unclassified records are not permanently removed from the storage provider's systems. Cloud storage poses a particular problem because, by design, it creates multiple, geographically distributed copies to maintain availability. It may not be possible to verify that records have been destroyed and agencies must factor this risk into their use of the cloud.
When managing the disposal of records stored offsite consider:
Australian Government agencies should undertake appropriate assessment and checks when entering into any contract for an outsourced service. When storing digital information, questions that should be asked include:
Following this assessment, agencies can specify what should be included in a service level agreement. Some providers may have standard service level agreements; however, the terms need to be acceptable not only to the provider but also to the agency.
A service level agreement is used to outline specific metrics the storage arrangements can be measured against to ensure that an agency's information is managed appropriately. As data storage is increasingly being offered as a service rather than a product specified in an end-user agreement, it is important that agencies use service level agreements to specify metrics. Doing so ensures that the stored information is protected, that costs beyond the contract fees and charges are agreed, and that what happens during server downtime is outlined. The agency may need to seek legal and accounting expertise to assist in specifying and assessing requirements in a service level agreement.
What is a data centre?
A data centre houses computer systems and associated components such as servers, networks and data storage systems. Data centres are purpose-built, permanent, shared enterprise facilities that can contain a full range of ICT equipment for agency use.
What is a digital repository?
A digital repository is used to retain and manage digital information, and aims to ensure the usability of stored digital objects over time. The term 'digital repository' is often interchangeable with 'institutional repository' and 'digital archive'. Common types of digital repositories include national libraries and archives, subject-based repositories or scientific-data archives.