|
| | | | This will be a virtual meeting conducted via GoToMeeting. Should you wish to join this meeting from your phone, tablet, or computer you may go to https://global.gotomeeting.com/join/168670141. You can also dial in using your phone United States: +1 (872) 240-3412 and Access Code: 168-670-141. | | | |
|
Not available
|
|
| | 1. | | Call to order.
Minutes note: The meeting was called to order at 10:03 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present 11 - Kovac, Henke, Richter, Jaeger, Klajbor, Meyer-Stearns, Zelazny, Zimmer, Klein, Watt, Larson
Absent 1 - Madison
Dana Zelazny attending as a member in place of James Owczarski.
Also present:
Brad Houston, City Records Center
Peter Block, City Attorney's Office
Rhonda Kelsey, City Purchasing Division
Judy Siettmann, Information & Technology Management Division | | | |
|
Not available
|
|
| | 3. | | Introduction of new members.
Minutes note: Member Zimmer introduced himself as the new Water Works IT manager and new Water Works designee to the committee.
Member Jaeger introduced himself as the new Library Services Manager dealing with archives and collections, being a custodian of archives from the City Records Center, and new Library designee to the committee. | | | |
|
Not available
|
|
| | 4. | | Review and approval of the previous meeting minutes from June 10, 2021.
Minutes note: The meeting minutes from June 10, 2021 were approved without objection. | | | |
|
Not available
|
|
| | 5. | | Records Retention.
Minutes note: a. Proposed departmental record schedules for approval
Mr. Houston gave an overview. For consideration were 171 total schedules. Most were closed or revised schedules. For document control purposes, paper or scanned records and permanent or archival records were to have different schedules. New schedules were created for three Police Department units as follows: 20 superceded schedules for the Training Bureau, 12 amended and 2 superceded schedules for Internal Affairs, 2 new and 8 superceded schedules for Community Services. There were Health Department schedules pertaining to clinic-patient medical records and medical records response matter. The clinic-patient medical records schedule was a consolidation of other schedules regarding records of patients seen at various locations. The schedule for medical records response matter pertained to permitted medical record requests for patient records, and this schedule was given a shorter retention period due to the sensitive nature of the records.
Member Klajbor questioned the relevant departments for the first deleted schedule.
Mr. Houston replied that the spreadsheet listing those departments would be added to the record and included the Mayor's Office, Budget Office, Dept. of Administration, Municipal Court, and City Clerk-Common Council.
Member Klajbor moved approval of the proposed departmental record schedules. There was no objection.
b. State Records Board approval of previous schedules
Mr. Houston commented. All previous schedules from the last meeting were approved by the State Records Board except two. The schedule pertaining to the IT projects file was changed to reduce the retention period to 5 years to conform with that of the State. The schedule for Dept. of Employee Relations COVID-19 results reported were denied. The board thought a retention period was too short and too early to determine. The schedule would be withdrawn for now but be presented again in the future when appropriate to do so.
c. Microsoft 365 (Teams, SharePoint, Onedrive) data retention policy for review or approval
d. DocuSign records management and retention policy for review or approval
Mr. Houston commented. Review by the City Attorney's Office of both policies was requested but did not occur yet. The ask would be to put versions of the policies on the City Records Center website for guidance purposes while the policies get reviewed by the City Attorney's Office.
Atty. Block said that requests for review should go to the City Attorney, with a copy to the Special Deputy City Attorney, to get assigned accordingly (presumably him) for review, that there were initial concerns with the policies, that edits were expected, and that the policies were not ready for posting.
Member Klajbor and Ms. Kelsey said that all departments should be given the opportunity to review the policies, especially for the City Purchasing Division where DocuSign is utilized.
Mr. Houston replied that departments would be able to review the policies further before representing the polices to the committee for another review, Dept. of Employee Relations would hold meet-and-confer meetings, he was working to secure and pipeline DocuSign records to File Director and to the E-Vault, and that the policies would not be put on the City Records Center website. | | | |
|
Not available
|
|
| | 6. | | Review of copying costs.
Minutes note: Atty. Block commented. He had written a memo responding to the City Clerk regarding copying costs. The genesis was due to a reevaluation of paper copying costs by the Attorney General. The Attorney General's Office had reevaluated their own copying fees. The Attorney General's Office decided to reduce their own fees to around $0.01 or @0.02 per page. Municipalities were encouraged to their reduce copying costs. The City's copying cost was $.25 per side of a page. Most records were being provided digitally. Charging for copying was infrequent. Most other municipalities have reduced the charge to $.05. Changing the City's paper copy costs would required a change in ordinance and a recommendation from the committee.
Member Klajbor inquired about the costs associated with research, locating and labor (including salary, fringe benefits, and overhead) to produce records.
Mr. Houston questioned about copying costs associated with nonstandard mediums or formats.
Atty Block replied. The records law permits charging additionally and separately for location (costs associated with time and labor to locate records) and for formats or mediums beyond standard paper. The Attorney General spoke directly on paper copying costs and did not address copy types, labor, or other charges. The City mostly produced digital records, and most records were natively digital. Holding action for one cycle on lowering the copying cost would not be a big risk. Records custodians have the ability to reduce charges if a reduction is in the public interest, and could rely on that ability until the ordinance is changed.
Ms. Kelsey said that open record requests of City Purchasing Division contract records were being produced digitally with very little paper copying being done.
Vice-chair Henke said that ITMD's open record requests dealt mostly with e-mails and digital copying.
Member Zelazny said that the City Clerk's Office would inquire with departments and convey back to the committee information on average copying costs.
Chair Kovac said to hold the review of and recommendation on copying costs at the next meeting for further research to be done. | | | |
|
Not available
|
|
| | 7. | | Information and Technology Management Division communications.
Minutes note: a. Data Governance Plan
Ms. Siettmann gave an overview. The Data Governance Plan was a high level policy defining what the overall data policy should be. Aspects of the plan included data, structure, roles, responsibilities, owners, and how to share, safeguard, and archive data. There were other separate policies, such as 18 other policies on security, containing processes, and procedures, and the standards. There would be numerous policies for data as well. One primary concern and topic of discussion on the Data Governance Plan was the lack of a Data Governance Committee to help define the true source and owner of data is and how data is shared. Feedback and review of the plan were needed from committee members. Edits and suggestions would be discussed at the next meeting. The policy was a big project, one that was difficult to summarized. Bringing it to the committee was a first step. The security plan had outlined all of the supporting documentation within that plan at a high level, and perhaps the same could be done to the Data Governance Plan.
Mr. Houston commented. He has struggled with data as records, the definition of data, and narrowing down data. There seemed to be different definitions of data between he, the State, and the end user.
Member Watt said that members should review the plan further, offer input, received an updated version in advance of the next meeting, and make a recommendation on the plan at the next meeting.
b. Multi-factor authentication implementation
Vice-chair Henke gave an update. The multi-factor authentication for the Microsoft platform took place within several departments. Departments included ITMD, Water Works, and the Port. These departments were prioritized due to their critical infrastructure environments. ITMD was reaching out to other departments for implementation. Anticipated to finish by the end of the year were authentication for DER, DCD, and the majority of departments. The authentication was a product of recommendations from the recent Comptroller's audit fon City security and cybersecurity.
Member Klajbor questioned the authentication of temporary employees and tellers within the Treasurer's Office given that they may not have a City-issued phone, landline, and email.
Vice-chair Henke replied that e-mail accounts would need to be set up for those employees, employees should have their self-service password reset function enabled for recovery purposes, authentication could occur on any device and would not be restricted to any City-issued device, the preference would be not to roll out extra City-issued devices as they would be burdensome.
c. Cyber-security training
Ms. Siettmann gave an update. ITMD has implemented monthly security training. Participation was good initially but over time the participation rate fell to 17%, which was not acceptable. There was discussion to make it mandatory next year. An unknown was how to require the training. There could perhaps be a training fair once a year, or monthly trainings would resume. Users would be assigned to the department heads so reports could be sent out for any mandatory user training. October would be Cyber-security Awareness Month. ITMD would be sending out weekly newsletters about security initiatives and measures, putting up posters, and changing information on security on its website. There was discussion to create a security SharePoint site with all of this security information, tips and tricks, and extra information. Phishing campaigns would be continued, and many people have reported phishing.
Vice-chair Henke added that one of the recommendations from the Comptroller's audit findings was to have required annual security training, which was a good practice to have. The audit finding helped reinforce the importance and priority to have security training.
| | | |
|
Not available
|
|
| | 8. | | Comptroller's Office Audit Division communications.
Minutes note: a. IT Risk Assessment
Member Klein gave an update. BakerTilly did the annual IT risk assessment. The assessment generally involved reviewing IT procedures and practices that could affect financial reporting. Some aspects reviewed would include chain management, user access, controls, backup protocols, use of third party service providers, and physical security. The 2020 report was issued in May 2021. There was only one minor finding this year for the Treasurer's Office to do an access control review on user access. The review was done. The finding did not impact anything related to the financial audit. Recommendations have decreased over the last few years. 2018 had 7 recommendations. 2019 had 4 recommendations. 2020 had one recommendation.
b. Comptroller's remediation efforts for NIST audit
Appearing:
Charles Roedel, Comptroller's Office - Audit Division
Mr. Roedel gave an update. Bulletproof was contracted to do a NIST audit review in the spring. In response to the review his office would review each departments, their findings, and validate the remediation of those findings early next year. He would provide an update early next year on the results of the review.
| | | |
|
Not available
|
|
| | 9. | | Agenda items for the next meeting.
Minutes note: Agenda items to include review and recommendation on copying costs, Data Governance Plan, Microsoft 365 data retention policy, and DocuSign records management and retention policy. | | | |
|
Not available
|
|
| | 10. | | Next meeting date and time.
Minutes note: a. Thursday, December 9, 2021 at 10 a.m.
Meetings to remain virtual until further advised. | | | |
|
Not available
|
|
| | 11. | | Adjournment.
Minutes note: Meeting adjourned at 11:02 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Meeting materials from this meeting can be found within the following file: | | | |
|
Not available
|
|
210762
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 16, 2021 meeting. | | | |
Action details
|
Not available
|
|