of 23 /23
IMAGENOW Meeting Compliance Understanding Standards & Procedures

ImageNow Meeting Compliance

  • Author

  • View

  • Download

Embed Size (px)


ImageNow Meeting Compliance. Understanding Standards & Procedures. Why Are We Here?. To learn the steps each office needs to take to meet the compliance requirements for NDSU’s internal document imaging audit. Campus Audit is reported to NDUS each year (June) by NDSU Chief IT Security Officer - PowerPoint PPT Presentation

Text of ImageNow Meeting Compliance

PowerPoint Presentation

ImageNowMeeting ComplianceUnderstanding Standards & ProceduresWhy Are We Here?To learn the steps each office needs to take to meet the compliance requirements for NDSUs internal document imaging audit.Campus Audit is reported to NDUS each year (June) by NDSU Chief IT Security OfficerAudit is conducted to meet requirements of NDUS Policy 1901.4NDUS Policy 1901.4Purpose:The purpose of this procedure is to establish an imaging procedure for all NDUS institutions that create, use, and manage digital images on optical imaging systems.Reference front page of 1901.4 handout4NDUS Policy 1901.4Procedure Summary:Institutions shall create and follow documentation that outlines and describes system hardware and software specifications and written policies and procedures that document the creation, maintenance, use and preservation of digital images within the system.Training schedules that include initial instruction as well as regular, ongoing retraining must be implemented to ensure that employees understand the policies and procedures and any changes that may occur.Reference front page of 1901.4 handout5Initial Access & TrainingChecklist Item #1Procedures for electronic imaging of documents have been formally documented and are provided to individuals who have been given access or duties related to imaging documents.Translation:Do you have training documents and/or user manuals prepared for first-time ImageNow users?Reference checklist handout

6Initial Access & TrainingCreate Tutorials for the Basics:Logging In, Logging Off, & Password ChangesToolbar Icons, Interface & Default SettingsHow to SearchHow to Scan/QA/Link How to Upload & Link using ImageNow PrinterResources:ImageNow User Manual (PDF, hard copy, Client Help)Internal Customized TutorialsDemo Help button on the ImageNow toolbar7Confidential Data TrainingChecklist Item #2Individuals with access to data and system have been given appropriate training regarding policies and procedures for security and safety of data stored and manipulated within system. The training is ongoing and is updated according to changes in policy and federal law.Checklist Item #9All those assigned access and use the system have undergone basic training on handling and use of confidential data and have signed confidentiality agreements. Confidential Data TrainingTranslation:Have users reviewed data privacy policy & completed confidential data training before using ImageNow?How do we Comply?Log and file (date of training, who attended, who provided training)NDUS Data Privacy TrainingSigned Confidentiality AgreementResponsibility ReviewSecurity/Confidentiality Topic during Staff MeetingScanning & QA TrainingChecklist Item #10Individuals who perform the scan or validation function have received additional training on document quality assurance.How do we Comply?Create separate training tutorial for scanning processMake sure VRS settings are optimized for all documentsDo not allow Bypass QA setting for scanning profilesDemo Bypass QA setting10System OversightChecklist Item #3An individual(s) has been assigned the responsibility to oversee and manage the training of assigned personnel.Translation:Each participating office needs to have a designated ImageNow ManagerWhy is this Required?Act as a point of contact for each officeLimits number of users who can access & change securityIn charge of keeping & collecting audit compliance dataMention the training options through Perceptive11System OversightChecklist Item #12Logs of individual training are maintained by the person(s) managing the oversight of those who use the system.Translation:ImageNow Managers need to keep track of which users have received which types of training and when.How do we Comply?A spreadsheet will be developed and distributed to help managers track user training.System OversightProposed Spreadsheet:Record completed training dates for each userSubmit copy of spreadsheet for audit each yearNameRoleDataPrivacyConf.Data1st TimeUserScan& QAResp.ReviewStaffMeetingUser #1PowerUser08/23/200407/01/201209/15/201010/10/201003/01/201104/26/2012User #2Manager11/03/199507/01/201205/21/200710/10/201006/01/201104/26/2012User #3Staff03/17/200807/01/201209/15/201010/10/201009/01/201104/26/2012User #4Student09/30/201107/01/201210/15/201110/15/201112/01/201104/26/2012Security ManagementChecklist Item #4Separation of duties is in place for individuals who have been given access to the imaging system. (For example the person who scans in a document does not have the ability to delete a document.)Checklist Item #6Formally documented procedures have been established to ensure that only authorized personnel can create, copy, annotate, or access digital images within the system. This access is granted based on specific need for use of the system.Security ManagementTranslation:Assign user security settings according to functionDont grant more access than absolutely necessaryKeep track of:Who is responsible for scanning?Who can delete linked documents?Who can view documents in which drawers?Who can view certain document types?Who can edit custom properties, notes, annotations?Who can print, save, or email imaged documents?

Document ValidationChecklist Item #5A validation process using a sampling technique has been implemented to verify that the scanned document matches the original document. This process is conducted and documented each quarter.Checklist Item #11Logs are collected, monitored and documented to verify reproduction accuracy and reliability according to the original document.Document ValidationValidation Process:ImageNow DocumentsSearch for documents created on certain dateRandomly select documents (note Date, ID#, DocType, & # of pages)Locate selected documents in hard copy archiveConfirm quality of the documentsHard Copy DocumentsRandomly select documents from hard copy archiveSearch for documents in ImageNowConfirm quality of scanned documentsDocument ValidationVALIDATION PROCESS DEMONSTRATIONNancy KasperRegistration & RecordsBring up spreadsheet18User ManagementChecklist Item #7Those employees no longer needing access to the system have been removed.Process:ImageNow Manager deactivates user account in ImageNow and removes user from all associated groupsOr contact Viet to have him deactivate the userNotify your IT Liaison to include removal of ImageNow service tag when the Help Desk ticket requesting end of IT services is submitted

Document ManagementChecklist Item #8Digital images that are the records of documented business processes have been linked to the business processes that created them.Translation:Documents are stored in Drawers of the department that created themDrawer names are changed when documents transfer between departmentsView access is usually retained by original department

Document ManagementChecklist Item #13All digital images are destroyed according to NDSU Records and Retention policy and procedure 713.Translation:Documents need to be purged based on the document retention schedule (www.ndsu.edu/recordsmanagement)Process:Query is run for ID#s of inactive students (last 5 years?)ImageNow is searched for documents In ListIndex fields & custom properties determine purge itemsClick link to show where to get the document retention schedule21Document ManagementChecklist Item #14All data that is stored as an image is classified according to NDUS policy and procedure 1901.2.Translation:Any electronic data asset of the NDUS or Institution shall be classified as Public, Private or Confidential according to the following standards. NDUS 1901.2How do we comply?Confidential drawers can be created for highly sensitive documents that can only be accessed by designated usersWas quite sure about this one. Originally we had a note about the image file types being non-proprietary (.tif, .pdf, .docx), but after further review I discovered that the file type issue was covered in Policy 1901.4 and not 1901.2. Policy 1901.2 deals more with the Public, Private, Confidential classification of documents.22Document AuditingChecklist Item #15A system audit trail is in place to document who, the date and time, and what was accessed for the previous 12 months. This audit trail is maintained and available for review.How do we comply?Audit setting in ImageNow is turned on for:Add AnnotationsDocument CopyDocument CreateDocument Create via BatchDocument DeleteDocument MoveDocument Page DeleteDocument RestoreDocument Send to Recycle BinDocument ViewUser Login

Demo activating this setting23QUESTIONS?Additional Licenses???Contact Heather Soleim in R&R for more informationOffice# of Users# of Licenses# of ScannersAdmission19102Bison Connection1031Customer Account Services92--Enrollment Management1----Graduate School1371HR/Payroll1431International Programs1251IT Services721Registration & Records31153Residence Life2121Student Financial Services1941TOTALS1565312