|
| | 1. | | Call to order.
Minutes note: Meeting called to order at 10:02 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present 11 - Islo, Owczarski, Meyer, Klajbor, Kovac, Watt, Wilichowski, Sawa, Sawa, Olson, Pinger and Burki
Member Wilichowski joined committee at 10:12 a.m. during item 4, c. | | | |
|
Not available
|
|
| | | | Individuals also present:
Minutes note: Bradley Houston, City Records Center
Atty. Peter Block, City Attorney's Office | | | |
|
Not available
|
|
| | 3. | | Review and approval of the previous meeting minutes from December 14, 2017.
Minutes note: Member Klajbor moved approval of the meeting minutes from December 14, 2017. There was no objection. | | | |
|
Not available
|
|
| | 4. | | Records retention.
Minutes note: a. Proposed department record schedules for approval.
Mr. Houston gave an overview. There are 44 proposed new or renewed record schedules and 46 schedules being closed due to being obsolete or superseded by global schedules. Schedules being created include archival records from the Dept. of Administration, 6 schedules from the City Assessor’s Office relating to property tax exemptions and assessment objections, schedules from the Employes’ Retirement System being consolidated into a new wage and contribution reporting, renewal of schedules from central drafting, and a new global schedule for fiscal accounting records. The new global schedule would be applicable at a citywide level covering 19 schedules that are deemed most pertinent to departments. The new global schedule was put together by a working group, is based on different functional area recommendations and fiscal accounting schedules used by the State and University of Wisconsin system, and aims to be prescriptive rather than descriptive. A goal is to set an official record holder and dispose of copies of records held by departments administratively after an appropriate time has passed. An example is City budget records. Department record holders were informed, and some departmental feedback has been incorporated. The global schedule will go to departments to be adopted once approval is attained from the committee and the State Records Board.
Member Klajbor moved approval of the proposed department record schedules. There was no objection.
b. State Records Board approval of previous schedules.
Mr. Houston gave an update. All 20 schedules approved by the committee at its last meeting were approved by the State Records Board with one needing further clarification. Once an official letter is received from the board, he will notify departments to dispose of records accordingly.
c. Review of Records and Information Management (RIM) policy.
Mr. Houston gave an overview. The RIM policy was created in response to departmental inquiry about a city records policy. The city charter gives authority for a records management program but does not specify requirements and adherence. The policy is based of the models of other cities. The policy covers most of the management record issues faced by departments including compliance with public records laws, retention schedules, appointment of department city records coordinators, and public access. Many of the provisions are already occurring.
Member Wilichowski joined committee at 10:12 a.m.
Mr. Houston continued. There are three significant changes. First, the opt-in model was changed to departments having to opt-out of a schedule after a certain period of time. Second, archival records would be consolidated and made more available to the public and research community, especially through the creation of a community research center. After a record has met its disposition period and becomes archival material, discussions would be made with the department of that record for the City Records Center to have intellectual property control of that record and make it available to the researching public. Third, a proposal is to work with departments to redact records and delegate the ability to publicly make redacted records available, with the permission of departments, to the City Records Center. The proposal aims to streamline the process to timely respond to public records requests and reduce overhead on checking records. City Records Center would implement this provision in very close consultation with department heads and record coordinators. Only the Document Services supervisors and he will initially have the authority subsequently followed by other staff and librarians.
Atty. Block commented. He has discussed with Mr. Houston and reviewed the policy. Technically someone from a different department cannot be appointed to be a custodian. It is allowable for a custodian to provide a record in redacted form, if necessary, to the City Records Center for the center to provide the redacted record to the public.
Member Owczarski commented. There should be no overreaction. The City Records Center intends to roll out the redacted record provision very carefully and in collaboration with department heads. There some inconvenience between the public and the information that they are entitled to.
Mr. Houston added remarks. The standard practice is for departments to submit unredacted records to the City Records Center. The center would then determine redacted information and provide a redacted copy, if any, to a requester. An example was a request to see a former employee history card from the 1910s. He had the permission of Dept. of Employee Relations to release employment information but not the employee’s residential address information. The policy is a preliminary draft for the committee to see, and it will be brought back at the next meeting for a full review and recommendation. Prior to the next meeting he will meet with department heads to discuss the implications of departmental records that are sent down to the City Records Center, figure out administrative agreements for formulaic redaction requests, and make changes to the policy as necessary.
Member Klajbor said that a footer, which was missing, should be added to the policy.
Member Meyer-Stearns said that definitions and acronyms, such as acronyms for committees, need to be clarified in the policy.
Member Owczarski added comments. There is a summary of City Records Center activities for 2017, and an overview can be given at the next meeting regarding the center’s activities and solutions going forward. | | | |
|
Not available
|
|
| | 5. | | Communication from the Comptroller's Office.
Minutes note: Individuals appearing:
Adam Figon, Comptroller Internal Audit Division Manager
Gregory Lotze, Comptroller Internal Audit Division
a. City-wide Risk Assessment.
Vice-chair Olson questioned selection of a vendor, datacenters affected, and other IT systems outside of datacenters.
Member Watt said that the risk assessment should look at all departments with their own IT function or staff. Higher risk may be more prevalent in those IT areas, especially ones with fewer staff. There is IT staff that is not part of a datacenter.
Mr. Lotze replied. A vendor has been selected. The project is underway. A list of applications, databases, platform servers, network appliances, and IT processes is being assembled for all 7 City datacenters: ITMD, Milwaukee Police Department, Fire Department, Municipal Court, Milwaukee Public Library, Water Works, and Health Department. The list will be given to the consultant, and the consultant will contact the appropriate datacenter managers, mostly by teleconference. There will be a 10-point grading skill. Some evaluation areas include risk based on external or internal development and internal impact to customers. Internal Audit will compile those lists, review the risk levels, and make an allocation schedule for its future audits. The audit process should not be problematic, and a final report can be shared with the committee. Internal Audit acknowledges the desire to include non-datacenter IT staff or functions as part of the enterprise-wide risk assessment.
b. Upcoming IT Audits.
Mr. Figon gave an update. An IT audit was completed for CRM Relationship Management (CRM) Application Controls, and was submitted to the Finance and Personnel Committee on February 22, 2018. Initiated and ongoing IT audits include the Enterprise-wide Information Technology Risk Assessment and ITMD Data Center Controls. Upcoming IT audits include Network Security Controls - Penetration Testing and Scanning, Land Management System, and Municipal Court Data Center Controls.
Mr. Lotze added remarks. A vendor has not been selected yet for the Network Security Controls - Penetration Testing and Scanning audit, and the audit would be anticipated for later in the year. The Land Management System audit is anticipated for the 3rd or 4th quarter for the year and focused on implementation controls, change control management, and current/final implementation disposition. The Municipal Court Data Center Controls audit is anticipated for late 3rd or 4th quarter for the year. | | | |
|
Not available
|
|
| | 6. | | Communication from the Information and Technology Management Division.
Minutes note: a. New Security Appliance Deployment.
Individual appearing:
David Henke, Information and Technology Management Division (ITMD)
Mr. Henke gave an overview. A new security appliance was purchased, tested by ITMD since November 2017, and will be deployed citywide for 2018. The new security appliance is more than a firewall and also serves as a VPN remote access solution moving forward. Implementation of the new security appliance to departments will be gradual from department to department and begin with smaller sized departments. Public safety departments will be the last sections to do the migration. Departments’ schedules and workload will be considered. The system upgrade will add an additional firewall as a back up to the single fire walls in place, add features and modernization, increase the ability to block antiviruses and spyware, better track vulnerabilities, and allow the blocking of particular websites. Only known sites of vulnerability or risk will be actively blocked. Examples include malware sites, copyrighted downloading sites, and sites of large bandwidths.
Vice-chair Olson said that there is no intention to filter or restrict site selection specific to each department.
Member Wilichowski inquired about content management, restricting pornographic content, and licensing.
Mr. Henke replied. There will be the ability to do content management, such as to restrict pornographic content, but not everything can be blocked by default. Specific categories to restrict can be more of a management issue rather than an IT issue. There have been instances of blocking torrent and downloading sites. The new system also allows for alerts and the blocking of certain file types. The intent is to make the implementation simple and consistent for all. Further efforts are being taken towards a VPN access to support Windows 10 and be more modern either through site to site or a remote client. New applications for VPN are anticipated to go live this month followed by moving over existing connections. The licensing is unlimited for all clients. Information about the network security platform upgrade is available on the City’s MINT site.
b. Update to the Email Use Policy.
Ms. Olson gave an update. Two sections have been added to the policy. The sharing of passwords is prohibited, and employees should request additional accounts or access to accounts, if needed. An email account will not be taken by an employee when he or she transfers to a different department. Email transfers have made open records requests very difficult resulting in much research of accounts and recreation of previous staffing. Email alias of employees can be transferred and taken by employees when they transfer. There will be an administrative change to the first line of “private and security of” to add clarification that “all emails sent from or received via the email system are considered city property”.
Member Klajbor commented. An apostrophe should be added to state “chief information officer’s approval” in the policy. The amended policy will have to be submitted for Common Council approval.
Member Klajbor moved approval and referral to the Common Council the updated email use policy. Member Wilichowski seconded. There was no objection. | | | |
|
Not available
|
|
| | 7. | | Communication from Water Works relative to Instant Messaging (Slack) deployment.
Minutes note: Individuals appearing:
Michael Schaefer, DPW Water Works
David Zampino, DPW Water Works
Mr. Schaefer commented. His office, at the superintendent’s direction, has researched using instant messaging technology to improve productivity and reduce silos. Many vendors were looked at, and Slack was chosen for a one-year pilot test. After one year a decision will be made to continue using Slack or not. Slack is an industry leader, provides unlimited archiving, has ease of use to retrieve records, integrates to an active directory, has 24-hour live support, and is a different tool that can be used to capture information. Slack would be used mostly by office personnel and potentially some field investigators on desktop or tablet devices. Cellphones are current the communication method that is being used.
Member Meyer-Stearns commented. Slack offers a community setting that allows for conversations among many people and the ability to add documents and web links. She’s seen it used by multiple cities on certain projects and to share ideas.
Members and participants inquired about a retention schedule for Slack, text usage, email usage, attachments, fire storage, archiving source, costs, and file sharing.
Mr. Zampino commented. Texting is not being used due to not being a secured technology and having no retention. Slack has many advantages and is very searchable. His office is paying for unlimited storage of data that it uses. The data is downloadable and can be saved or archived. Email is different from Slack, is not a secure technology at its nature, was not designed to be instant or quick, makes ongoing conversations difficult, and is on a federated system. Instant messaging offers speeds at less than a second, and emails can take longer depending on a delay issue. Email has tacked on limited additional technology to make it more useful over time. Slack is not limited to just text, works with a central server, is a modern technology, and is a multi-media application that integrates many technologies. Email results in a copy of a message for each recipient whereas Slack has one message for all recipients. Email has the advantage of being supported by everyone. Slack has been initially considered for communication purposes. Water Works should already have possession of any files that may be shared through Slack. Archiving is done on the vendor’s servers and can be downloaded. Cost is at the highest level at $12.50 per user per month. The initial request is between 100 to 120 users.
Mr. Schaefer added remarks. Using Slack for file sharing can be an option moving forward but is not the primary goal for the initial test. The intention for Slack is to provide reliable and documented communication for Water Works. Slack usage can possibly be expanded up to 200 people total. Slack will be used by Water Works administration, business, distribution, and plant sections.
Attorney Block said that data should be downloaded for record purposes prior to Slack no longer being used.
Vice-chair Olson commented. There are concerns for file sharing on Slack, such as audio files which are not searchable through e-discovery.
Member Watt remarked. Audio files should not be used through Slack. Water Works staff should be trained to understand the record implications of using Slack.
Mr. Zampino added remarks. There will be third party software that will lock down devices whenever Slack is not being used on those devices. There is no intention to have personnel use Slack outside of work.
Mr. Houston commented. Instant messaging is a transitory record that adds value and is being used more and more from his experience. The committee should consider a record schedule for instant messaging. Most retention policies for transitory records are to destroy when no longer needed. Slack allows for setting retention periods for certain messages.
Member Klajbor said that there should be an update and possible demonstration of Slack in the future. | | | |
|
Not available
|
|
| | 8. | | Review and approval of the 2017 CIMC Annual Report.
Minutes note: Member Klajbor moved approval and referral to the Common Council of the 2017 CIMC annual report as produced by staff. There was no objection. | | | |
|
Not available
|
|
| | 9. | | Placing on file the following files which are no longer necessary: | | | |
|
Not available
|
|
161509
| 0 | a. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its March 9, 2017 meeting. | PLACED ON FILE | Pass | 11:0 |
Action details
|
Not available
|
|
170245
| 0 | b. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its June 8, 2017 meeting. | PLACED ON FILE | Pass | 11:0 |
Action details
|
Not available
|
|
170781
| 0 | c. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 14, 2017 meeting. | PLACED ON FILE | Pass | 11:0 |
Action details
|
Not available
|
|
171222
| 0 | d. | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its December 14, 2017 meeting. | PLACED ON FILE | Pass | 11:0 |
Action details
|
Not available
|
|
| | 10. | | Adjournment.
Minutes note: Meeting adjourned at 11:10 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Materials for this meeting can be found within the following file: | | | |
|
Not available
|
|
171691
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its March 15, 2018 meeting. | | | |
Action details
|
Not available
|
|