This policy is designed to create a standardized governance framework of policies, procedures, and application tools for the life cycle management of electronic information resources across the enterprise.
Mayor and City Council departments
Council approval: August 22, 2003, Resolution 2023R-403
Enterprise Information Management (EIM) is a program that is designed to create a standardized governance framework of policies, procedures and application tools for the life cycle management of electronic information resources across the enterprise. The EIM Policy provides guidance for managing City information in a comprehensive and strategic manner and sets boundaries and establishes the direction for the EIM program.
This document includes the EIM Policy and EIM Policy Requirements. The EIM Policy includes statements that identify how the City will manage its information. The EIM Policy Requirements outline the activities necessary to implement the policy. The EIM Policy can be viewed as an umbrella policy that will eventually include more specific policies that will bring together EIM components (records retention, data practices, stewardship, storage, security, etc.). The supporting policies will provide the specific details and guidance necessary to build the EIM infrastructure for the City.
The EIM Policy provides guidance for building enterprise information integrity by providing direction for meeting legal and regulatory mandates; identifying evidentiary requirements; and addressing the accountability requirements for the governance and stewardship of information. The policy mandates the inclusion of EIM requirements into strategic planning processes and the early integration of requirements during business process analysis and business systems implementation. The policy aligns with City Goals and supports the access to information in accordance with the Minnesota Government Data Practices Act and the retention of records in accordance with the Records Management Act.
The EIM Policy includes the concept of information life cycle by directing the management of information through its existence. The life cycle of information encompasses stages from creation and collection of the information to maintenance, access, use, storage, and disposal (or preservation). The life cycle concept is important to include in the EIM Policy for several reasons. Today, almost 70% of all City business transactions are electronically based and are never reduced to paper form. Many of the records required to provide evidence of City business transactions require a much longer life than the technology that supports it. Information can be requested at any point in the life cycle and therefore must be managed and accessible for as long as the information is required. In addition, privacy protection must be able to be applied or released at any point from the creation to the destruction of the information. For these and for a variety of other reasons, the City and its employees need to understand the importance of information lifecycle activities and learn how to effectively apply and integrate them in the daily operation of business.
The City of Minneapolis will provide the governance structure necessary to implement business systems that will effectively manage information throughout its life cycle. The City will deploy business systems that produce and manage information that is trustworthy, creates essential evidence of business transactions, meets required legal and regulatory mandates and utilizes industry best practices.
The City of Minneapolis will:
The Policy Requirements provide the direction as to what must be done to implement the policy. The Policy Requirements support the EIM Policy by providing guidance on the integration of information management activities into operational processes. The integration will facilitate policy implementation and more effective service delivery. The EIM Policy Requirements include; Governance, Managing Information, Maintaining Public Trust and Additional Considerations Related to Electronic Media.
The EIM Policy Board, Business Information Services (BIS) and the Records Management Division of the City Clerk’s Office will provide the leadership for the EIM Program and activities required to achieve this policy.
The City will manage information throughout the life cycle of the information and develop an information management program to deliver effective and accessible information, programs and services. Information under the control of the City will be effectively managed regardless of medium or format.
The City is committed to responding to the information needs of citizens and serving the public interest. The public expects government information and services to be complete and easy to understand and use. They also expect the City to provide affordable and cost-effective information, programs and services and safeguards for protecting and preserving the information appropriately.
The City is committed to doing business electronically and using technology as a means to enhance program and service delivery. New technologies create new information management challenges and opportunities particularly as they relate to the efficient, secure and timely access to information over time and through changes in technology.
City officials and staff are responsible for managing information throughout its life cycle in the performance of their duties.
The EIM Policy Board establishes the goals and priorities for the EIM Program and develops and approves policy recommendations for information management for the City. The EIM Board makes decisions on structure, projects, resource commitments and educational activities on behalf of the City to develop and accomplish the EIM goals.
Responsibilities of the EIM Board include:
Working together, the City Clerk’s Office (City Clerk) and Business Information Services (Chief Information Officer) will ensure that the City’s Goals, Strategic Planning and Department Business Plans address information management needs including; data practices, information and data sharing, retention and other high-level information management requirements. They are responsible for organizing and leading the ongoing development of Citywide information management policy, required architecture and identifying the information and data management responsibilities required to support department strategic plans.
Responsibilities of the EIM Project Sponsors include:
Under the City of Minneapolis Records Management Policy (1998), the Records Manager has specific roles and responsibilities related to the management of City records, which include:
The responsibilities of Enterprise Data Management staff include:
Responsibilities of program managers, business analysts and subject matter experts include:
Responsibilities for managing City information include:
All employees are responsible for creating and managing records that document business transactions and decisions and applying information management principles, standards and practices in the performance of their duties.
The City will assess the effectiveness and degree of compliance in meeting the requirements of this policy through periodic evaluations and internal reviews. The EIM Policy Board will use the reviews of departments and business functions to monitor compliance with all aspects of this policy.
Appendix A – Authorities and legal framework
Appendix B – Glossary of EIM project management terms
Appendix C – Glossary of information management terms
This policy is issued under the authority of the Information Policy Board, the Records Management Act and the Minnesota Government Data Practices Act.
Understanding existing regulations that affects the EIM program is important to the development of policy, procedures, best practices for department use. Data, information, records and information systems are subject to specific Minnesota statutes and Federal legislation, including general records laws and electronic records laws. In addition to the laws listed below, there are approximately 1800 regulations that affect the retention of specific records that are created and managed by the City. This listing is available from the City Clerk Records Management Division.
The Official Records Act is a general records law that mandates that "all officers and agencies" at all levels of government "shall make and preserve all records necessary to a full and accurate knowledge of their activities." This mandate reflects a concern for accountability: since government spends public money on public services, government agencies must be accountable to citizens, government administrators, courts, the legislature, financial auditors, and to history—that is, to future generations. Under the Official Records Act, the City’s chief administrative officer is responsible for creating and preserving government records, including electronic records. This statute also allows records to be copied to another format or storage medium and still preserve the authenticity, reliability, and legal admissibility of the record, as long as the copies are made in a trustworthy process.
The Records Management Act recognizes that creating comprehensive records and preserving them forever would be an impossibly expensive burden. Instead, the Act creates a mechanism for the orderly and accountable disposition of records in the form of the Records Disposition Panel. The Act also makes the state's Department of Administration (the Information Policy Analysis Division specifically) responsible for overseeing the records management process. The Records Disposition Panel includes the Attorney General, for expertise on the legal value of records; Director of the Minnesota Historical Society, for expertise on the historical value of records; and State Auditor (for local agencies), for expertise on the accounting value of records. The panel reviews, evaluates, and approves or disapproves requests to dispose of records, to transfer records, and to establish records retention schedules.
The MGDPA assumes that government records (including electronic records) should be accessible to the public. Citizens should know what the government is doing, because the government must be accountable to the public. However, government agencies create some records that are confidential or private, such as medical records. So, while in theory all records are presumed to be publicly accessible, many exceptions exist. Only the Minnesota state legislature defines these exceptions. Any organization, public or private, that improperly releases data covered by the act could suffer significant penalties.
UETA and E-Sign were both enacted in 2000. Both laws intend to facilitate the use of information technology in government and business by addressing the legal obstacles that exist in a system oriented towards paper records and signatures.
The primary message of the laws is that a court may not determine that an electronic record or signature is untrustworthy simply because it is in an electronic format. A court can, though, reject electronic records and signatures because a government agency is creating, using, or managing them in an untrustworthy system or manner. One indicator of untrustworthiness would be an agency's failure to respect the laws governing records.
The Act seeks to increase the responsibility and accountability of departments and agencies in achieving substantial improvements in the delivery of services to the public and in other program activities through the use of modern information technology. The Act also facilitates and provides for the efficient and effective use of modern information technology.
This act specifically provides for Federal agencies, by October 21, 2003, to give the public the option to submit information electronically; to maintain or disclose information to the public using electronic means; and to use electronic authentication methods to verify the identity of the sender and the integrity of electronic content. The law directs agencies to engage in the “acquisition and use of information technology, including alternative information technologies that provide for electronic submission, maintenance, or disclosure of information as a substitute for paper, and for the use and acceptance of electronic signatures.”
This act requires Federal Agencies to assess the security of their non-classified information systems. More important from an enforcement perspective the law requires every agency to provide a risk assessment and report of the security needs of its systems. All agency programs must include procedures for detecting, reporting and responding to security incidents, including notifying and consulting with law enforcement officials, other offices and authorities, and the General Services Administration’s Federal Computer Incident Response Capability (FedCIRC).
Sarbanes-Oxley imposes new safeguards (including records creation and retention requirements) on public accounting firms that want to audit publicly traded companies, publicly traded companies, and firms with securities analysis and investment banking functions. The Act also amends the U.S. Code dealing with obstruction of justice within the context of crimes.
Circular No. A-130 provides uniform government-wide information resources management policies as required by the Paperwork Reduction Act. The Act also establishes a minimum set of controls to be included in Federal automated information security programs and assigns Federal agency responsibilities for the security of automated information.
HIPAA provides direction to improve the portability and continuity of health insurance coverage; to combat waste, fraud and abuse; to improve access to services and coverage; and to simplify the administration of health insurance. The US Department of Health and Human Services, created regulations establishing national standards for privacy of health information. The regulations: establish several basic rights for individuals with respect to their health information and place limits on the use and disclosure of health information.
Policy: strategic guidance that sets boundaries, establishes direction, influences other decisions and prescribes conduct.
Principles: a statement of preferred direction or practice. Principles constitute the rules, constraints and behaviors that an organization will abide by in its daily activities over a long period of time.
Procedures: specific practices or requirements to be followed focusing on specific methods and identifying accountability.
Standards: specific and mandatory practices or requirements to be followed focusing on results and identifying accountability.
Guidelines: best practices, suggested approaches, or methods intended to provide the means of meeting requirements of policies or standards.
Best Practices: recommended methods that serve to direct or guide the detailed, design, selection, construction, implementation, deployment, support or management of a project or program. Best practices are based on the success stories of one or more organizations or the industry as a whole.
Toolkits: specific methodologies and “how to” tools (e.g. templates, checklists, forms, etc.) created for use by staff and the public for the management, planning, and delivery of information systems and City services in a manner consistent with the City Information Management Policy.
Data Management: Controlling, protecting, and facilitating access to data in order to provide users with timely access and the accurate data that they need.
Information Management: discipline that directs and supports effective and efficient management of information in the City, from planning and systems development to creation, use, storage, disposal and/or long term storage of the information.
Enterprise Information: Information that is defined for use across an entire environment (citywide). Enterprise information is often (but not always) maintained in a shared central repository, connected to disparate computer systems, which provides common management, protection and information sharing capabilities.
Data Sharing/Integration: The sharing of information between unrelated systems between organizations, providing a single point of interface to which applications and databases connect and the resolving of differences between systems.
| Term | Definition |
|---|---|
| Accessible | "Accessible" means information arranged, identified, indexed or maintained in a manner that permits the custodian of the public record to locate and retrieve the information in a readable format within a reasonable time.
The term "accessible" means that the information system allows the City to find, obtain and retrieve the needed information from the system. The term “government data” means all data collected, created, received, maintained or disseminated regardless of its physical form, storage media or conditions of use. “Public data” means data, which is accessible to the public. “Private data” means data that is not public but is accessible to the individual subject of the data. “Confidential data” means data that is not public and is also not accessible to the individual subject of the data. The “Responsible Authority” for government data is defined in Minn. Statute 13.02 and Minn. Statute 13.05 as the person with certain legal responsibilities for determining whether or not to provide access to information under Minnesota Government Data Practices Act. “Designee” is defined as any person designated by the Responsible Authority to be in charge of individual files or systems containing government data and to receive and comply with requests for that data. "Reasonable time" is not defined in the law. The intent of this provision is for government agencies to address the need for timely retrieval of information, to meet government agency needs and also to anticipate and prepare to respond to public information requests. |
| Accurate | "Accurate" means all information produced exhibits a high degree of legibility and readability and correctly reflects the original record when displayed on a retrieval device or reproduced on paper. |
| Authentic | "Authentic" means the retained electronic record correctly reflects the creator’s input and can be substantiated.
Records Management Standard ISO 15489 explains the term "authentic" as follows: |
| Backup and Recovery | “Backup and recovery” are methods designed as an integral part of all data storage systems that address the business requirements of the data regarding availability, accuracy, and timeliness of data. |
| Content | "Content" means the basic data, message or information carried in a record. |
| Context | "Context" means the relationship of the information to the business and technical environment in which it arises. "Context" can include, but is not limited to, such elements as: the origin of the record; date and time the record was created; identification of the record series to which the information belongs. |
| Data Definition | “Data definitions” are used to help manage data resources by ensuring integrity (without duplication), providing clarity of meaning, and making data accessible to those who need it through precise identification of the required data. |
| Data Practices | The primary state law that governs the privacy of records is the Minnesota Government Data Practices Act. Proper application of Data Practices facilitates the access or restriction to data as permitted and required by law, prevents/provides data sharing as required by law and provides rights for individuals who are the subject of data. |
| Data Quality | Appropriate “data quality” is essential to making good decisions. Users of data must know the quality of the data in order to weigh the information properly for decision making. |
| Electronic Format | "Electronic format" includes information created, generated, sent, communicated or stored in electrical, digital, magnetic, optical, electromagnetic or similar technological form. |
| Information System | "Information system" means a system for generating, sending, receiving, storing or otherwise processing data. |
| Legible | "Legible" means the quality of the letters, numbers or symbols can be positively and quickly identified to the exclusion of all other letters, numbers or symbols when displayed on a retrieval device or retrieved by device or reproduced on paper. |
| Life Cycle | "Life cycle" means all phases of a record’s existence: creation; active use; preservation and management through to disposition. "Disposition" includes permanent preservation as well as designation for destruction. |
| Meaning | "Meaning" means a record carries its original content, context and structure throughout its life cycle. |
| Metadata | “Metadata” is the term used to describe the structure of information resources required to make data understandable, usable and shareable. Common deployment of data documentation schemes promotes data reusability, reliability and the possibility of sharing across the enterprise. |
| Public records | "Public records" "All cards, correspondence, disks, maps, memoranda, microfilm, papers, photographs, recordings, reports, tapes, writings and other data, information or documentary material, regardless of physical form or characteristics, storage media or condition of use, made or received by an officer or agency of the state and an officer or agency of a county, city, town, school, district, municipal, subdivision or corporation or other public authority or political entity within the state pursuant to state law or in connection with the translation of public business by an officer or agency….
The term ’records’ excludes data and information that does not become part of an official transaction, library and museum material made or acquired and kept solely for reference or exhibit purpose, extra copies of documents kept only for convenience of reference and stock of publications and process documents, and bond, coupons, or other obligations or evidence of indebtedness, the destruction or other disposition of which is governed by other laws" "Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form" (Minnesota Statutes, Section 325L.02). |
| Readable | "Readable" means the quality of a group of letters, numbers or symbols is recognized as words, complete numbers or distinct symbols. |
| Records Audit/Inventory | The “records audit/inventory” identifies major business functions/processes and classifies and defines the record groupings that support these functions. The information is used to identify legal requirements (retention, data practices, access, etc.) and for identifying the responsibilities for managing the records. |
| Records Management | “Records management” is the process used to create and maintain accurate records, present evidence, provide historical documentation, provide efficient services and allow its actions to be reviewed and audited. |
| Records Retention Schedule | The “records retention schedule” is a plan for the management of records that identifies how long records should be maintained. The purpose of the retention schedule is to provide continuing authority to dispose of or transfer records for long-term archival storage. |
| Reliable | "Reliable" means the electronic record produced correctly reflects the initial record each time the system is requested to produce that record.
Reliable may also be considered as "trustworthy," meaning that the electronic records can be relied upon as evidence of transactions because certain standards have been followed in the creation of the records. Those standards should include:
|
| Structure | “Structure" means the appearance or arrangement of the information in the record. "Structure" can include, but is not limited to, such elements as heading, body and form. |
| Trustworthy Systems | A “trustworthy information system” is a system that can produce reliable and authentic information and records. A trustworthy system must demonstrate that it accurately reflects and records the business processes it was designed to facilitate. A trustworthy system provides safeguards to protect data against accidental, unrecorded, or unauthorized change or distribution. |
| Usable | “Usable” in the context of a record means that it can be located, retrieved, presented and interpreted. |
If you need help with this information, please email 311, or call 311 or 612-673-3000.
Please tell us what format you need. It will help us if you say what assistive technology you use.
Office of City Clerk
Phone
Temporary office location
250 S. Fourth St., Room 200Mailing address
City Hall350 S. Fifth St., Room 304