Compliance
November 3, 2019
November 18, 2024

DC2020 Failures Confirmed by ANAO

Explore why the Digital Continuity 2020 program's Business Systems Assessment Framework fell short and discover the need for a radically different approach to managing business records.

DC2020 Failures Confirmed by ANAO

Interview multiple candidates

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio faucibus accumsan turpis nulla tellus purus ut   cursus lorem  in pellentesque risus turpis eget quam eu nunc sed diam.

Search for the right experience

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio.

  1. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  2. Porttitor nibh est vulputate vitae sem vitae.
  3. Netus vestibulum dignissim scelerisque vitae.
  4. Amet tellus nisl risus lorem vulputate velit eget.

Ask for past work examples & results

Lorem ipsum dolor sit amet, consectetur adipiscing elit consectetur in proin mattis enim posuere maecenas non magna mauris, feugiat montes, porttitor eget nulla id id.

  • Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  • Netus vestibulum dignissim scelerisque vitae.
  • Porttitor nibh est vulputate vitae sem vitae.
  • Amet tellus nisl risus lorem vulputate velit eget.
Vet candidates & ask for past references before hiring

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

“Lorem ipsum dolor sit amet, consectetur adipiscing elit nunc gravida purus urna, ipsum eu morbi in enim”
Once you hire them, give them access for all tools & resources for success

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

In 2017, I wrote an article about the problems with the Digital Continuity 2020 program, specifically its Business Systems Assessment Framework (BSAF) approach to achieving records compliance in business systems. The BSAF could never have worked, and ANAO has since found that the gains expected by the program will not be achieved by 2020 (or, possibly, at all).

The BSAF model says that agencies can address records control in their non-EDRMS systems in four possible ways:

1: Customisation (Build-in)

This approach is to modify your business system to include continuum-management controls. But most systems do not support this natively, using configuration - they would require customisation, which is not good practice (and is not even possible for hosted systems).

2: Integration (connect to EDRMS)

This approach is to join the business system to the EDRMS, and let the EDRMS manage the record. However this approach also introduces cascading technical risk by making systems (of which we have dozens to manage) interdependent with the EDRMS technology. This can prevent upgrades and patching, and affect supportability and security.

3: External (export to EDRMS)

This approach is to copy/move records from the business system to the EDRMS. But this is not a compliant continuum approach - it only captures the record at a point in time; removes it from its context or duplicates it (doubling the threat surface and halving discoverability); and only works for simple formats (documents, emails etc), not structured data.

4: External (governance)

This approach is to manage sentencing and disposition manually - but this is not feasible at the scale we are working with. We have a huge amount of data, growing all the time, subject to dozens of different retention and regulatory requirements. Human beings cannot manually control this mass of data and overlaying rules without the support of technology.

For DC2020, and its successors, to ever be successful, a radically different approach to controlling business records needs to be used.