Trustworthy Information Systems Handbook: Section 9
What are the criteria for a trustworthy information system?
The following criteria outline the best available practices for implementing a trustworthy information system. The most appropriate practices for a particular system may comprise only a certain number of these. Agencies choose what is reasonable and practical depending on a variety of factors. The important point is to make, justify, and document your choices in order to ensure consistent application and your agency's accountability for its decisions.
The criteria range from system-level to record-level and are categorized into five main groups:
- Criteria Group 1: System Documentation
- Criteria Group 2: Security Measures
- Criteria Group 3: Audit Trails
- Criteria Group 4: Disaster Recovery Plans
- Criteria Group 5: Record Metadata
Each of these areas contains specific criteria as well as items for further consideration:
- If available, Questions to Ask while reviewing each criteria set are found at the top of the page.
- Did You Know highlights items drawn from Minnesota government sources concerning information systems and records management.
- Points under Consider This expand upon the criteria.
The criteria set will be updated as necessary to reflect new information. Sources are listed in the Bibliography section of this handbook.
General Questions to Ask
While reviewing the following criteria, think about these questions:
- What laws and/or regulations (state and federal) apply to the data within your system?
- What are your industry's standards for system security?
- What are your industry's standards for data security?
- What areas/records might lawyers target?
- What areas/records might auditors target?
- What data falls under the Minnesota Government Data Practices Act?
- What data is of permanent/historical value to you and/or to others?
TIS Handbook last updated July 2002, Version 4.