|
| | 1. | | Call to order.
Minutes note: Meeting called to order at 10:10 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present 9 - Kovac, Olson, Islo, Klajbor, Sawa, Meyer-Stearns, Pfaff, Parish, Wilichowski
Excused 2 - Pinger, Watt
Rich Pfaff serving as a member in place of James Owczarski for this meeting. | | | |
|
Not available
|
|
| | | | Individual also present:
Minutes note: Bradley Houston, City Records Officer | | | |
|
Not available
|
|
| | 3. | | Review and approval of the previous meeting minutes.
Minutes note: Member Klajbor moved approval, seconded by member Meyer-Stearns, of the meeting minutes from March 21, 2019. There was no objection. | | | |
|
Not available
|
|
| | 4. | | Records retention.
Minutes note: a. Proposed departmental record schedules for approval.
Mr. Houston gave an overview. 283 schedules (primarily from ITMD, ERS, Health Dept., and MPD) are being closed with 172 out of the 283 being from MPD. Efforts will be made to continue closing obsolete schedules from MPD. 47 schedules are new with most of the schedules being renewals primarily from DCP, ERS, and ITMD. Schedules of note include schedule 19-0059 for retention of ITMD RITS tickets and related records in summarized form that would not be a burden to retain, consolidated schedules for the Election Commission, renewal schedules for ERS, clean up and more secured schedules from the Health Dept., and the new global schedule from ITMD for voice recording records. ITMD will maintain physical copies of voice recordings but departments will maintain intellectual ownership of the recordings.
Mr. Houston said that schedules 19-0001 and 19-A001 are resubmittals based on input from the previous meeting. 19-0001 a global schedule pertaining to a retention period of 6 months for all city employee text messages. 19-A001 is a global schedule with a permanent retention period only for elected officials text messages.
Members discussed schedules 19-0001 and 19-A001. Concerning to members were the lack of notice given to elected officials, lack of CART review, lack of City Attorney review, and lack of cabinet heads inclusion for schedule 19-A001. Also concerning were unclear definitions, such as "significant employees", and the likelihood of rejection from the State.
Member Klajbor moved to hold, seconded by member Meyer-Stearns, of both schedules 19-0001 and 19-A001 for further revisions. There was no objection.
Mr. Houston said that schedule 19-0020 has an appropriate retention period of 2 years after event resolution, dismissal, or end of litigation for external complaints within MPD and MFD.
Member Parish said that MFD should be removed from schedule 19-0020 due to the concern that MFD medical complaint records need longer retaining.
Member Klajbor moved to amend, seconded by member Meyer-Stearns, schedule 19-0020 to remove the Milwaukee Fire Department from the schedule. There was no objection.
Mr. Houston discussed other schedules of note. Schedules 19-0027 and 19-0028 pertain to a 7-year retention period for legal files, such as lead paint litigtation documents, contained outside of the City Attorney's Office. Schedule 19-0065 pertain to a 120-day retention period for all surveillance recordings except MPD body camera, dash camera, or related police device videos. The remainder of schedules is municipal global schedules that were reviewed by CART.
Members were concerned, especially for DPW and MPL, with costs and lack of server capacity to adhere to schedule 19-0065.
Member Klajbor moved to hold schedule 19-0065 for further consideration of cost implications. There was no objection.
Member Klajbor moved approval, seconded by member Meyer-Stearns, of the proposed retention schedules, as amended, excluding those items that were held. There was no objection.
b. State Records Board approval of previous schedules.
Mr. Houston said that all 37 schedules were approved by the State, a few required technical corrections, and schedule 19-0021 required a change from "closed" to "executed" in contract terminology . | | | |
|
Not available
|
|
| | 5. | | Communications and updates.
Minutes note: a. Text Archiving
Vice-chair Olson gave an update. The SMARSH product testing pilot phase with cabinet member city phones has had some onboarding difficulties. Other products are being looked at. Global Relay was another product but did not have a relationship with Verizon. Text archiving is still occurring for cabinet members for more than 6 months. SMARSH will continue to be tested with the Health Dept.
b. CityWatch RFP
Vice-chair Olson gave an update. CityWatch is a mass-notification system that sends alerts via phone, text, and email. Several departments (MPD, MHD, DPW, Port, and DNS) are using it for their field safety employees. The system has reached its end-of-life and is no longer supported by the manufacturer. ITMD is working with City Purchasing to do an RFP.
Member Meyer-Stearns said that MPL would be interested to use the system for its field workers.
c. Open Data and Hack-a-Pipeline
Vice-chair Olson gave an update. The open data portal has 271 datasets. The most popular datasets are Assessor's Office property sales data followed by crime data and master property files. The LiftupMKE May 4th Hack-a-Pipeline event was an effort to engage women reentering the IT workforce. 3 projects were pitched, 2 were accepted, and the 2 accepted projects placed 1st and 2nd. One project was a multi-modal app with information on bus routes, streetcar, and BUBLR bikes. The other project was an Alexa app for the City with information on library locations, police station locations, and permitting requirements or contacts. The project is ongoing and will add garbage information, voting locations, and street parking regulations. The Alexa app is available for download.
d. Vulnerability Assessment and Penetration Audit
Individual appearing:
Byron Dean, Comptroller Audit Division
Mr. Dean gave an update. SeNet International Corporation was picked via an RFP to broadly audit ITMD and all IT department networks except sensitive ones like the 911 Emergency System network. Objectives would include vulnerability scans, vulnerability exploitation (penetration), and results given to departments. Benefits of the audit include increasing the City’s overall IT security posture, reducing risks, reducing breaches, and helping to protect the City's reputation. Members are invited to a kick off event on July 10th. Rules of engagement will be finalized July 11th-July 23rd. Testing would occur from the end of July to the end of August. The audit would finish by mid September, and the hope is to share results with the committee at its next meeting.
Member Sawa said that this type of audit is periodically done.
e. IT Security
Vice-chair Olson gave an update. IT security training had been offered to departments. 8 departments with about 600 people have engaged in training. Training has also been a part of new employee orientation with about 260 new employees trained so far. There have been two major recent IT security threats. One has been the theft and sale of 199 employee accounts and passwords on the web. Affected employees have been told to change their passwords. The second was a Baltimore Ransomware attack called RobinHood on May 7th. The attack had encrypted Baltimore's server data and made it unusable without purchasing the digital key. The suspicion was that the attack came from e-mail since e-mail was the first thing to go down. Ransomware uses Bitcoin and is untraceable. The attack severely affected real estate sales, employee access, and tax bills in Baltimore. The cost to fix Baltimore's IT system has been $17 million. IT hacks are happening elsewhere. Judy Siettman is the new IT Audit and Security Analyst in ITMD and would work on policies and exercises in preparation of IT threats.
Mr. Dean added that the Vulnerability Assessment and Penetration Audit is one preventative measure that the City can take to prepare for IT security attacks, such as Ransomware, so that the City is not left to scramble to fix systems after the fact like what Baltimore is doing.
Member Parish added that hospitals and healthcare systems, such as CVS, are concerned about Ransomware, too.
f. Office365
Vice-chair Olson gave an update. ITMD is exploring the deployment of Office365 city-wide with two plans, G1 and G3, involving access and use of Microsoft software products. The G1 plan is web only, cheaper, and presents concerns. The G3 plan is a client version, downloadable to desktops, and more expensive. 10 licenses of G1 have been purchased for testing purposes. Departments that are not supported by ITMD should hold off on any Office purchases in 2019 and should inform ITMD of any of 2020 budget funds to buy software. The plan is to centrally fund Office365 through ITMD. Office365 is being driven by licensing and is HIPAA compliant. | | | |
|
Not available
|
|
| | 6. | | Agenda items for the next meeting.
Minutes note: To be determined. | | | |
|
Not available
|
|
| | 7. | | Next meeting date and time.
Minutes note: a. Thursday, September 19, 2019 at 10 AM | | | |
|
Not available
|
|
| | 8. | | Adjournment.
Minutes note: Meeting adjourned at 11:30 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Materials for this meeting can be found within the following file: | | | |
|
Not available
|
|
190347
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its June 13, 2019 meeting. | | | |
Action details
|
Not available
|
|