State agency heads or designees shall approve and institute
written policies and procedures that communicate an enterprise-wide
approach for electronic state records management practices, and that
create accountability and auditability for the execution of these
policies and procedures. Refer to Guidelines (§6.96) for recommended
electronic records management best practices and standards to satisfy
requirements specified under this subchapter.
(1) An agency's policies and procedures required by
this section shall include these elements:
(A) Establish a component of the agency's active and
continuing records management program to address the management of
electronic state records that includes the management of electronic
state records created, received, retained, used, transmitted, or disposed
of electronically, including those electronic state records in the
possession of the state agency, vendors, or other third parties (i.e.,
telecommunication, social media, etc.);
(B) Integrate the management of electronic state records
with other records and information resources management programs of
the state agency;
(C) Incorporate electronic state records management
objectives, responsibilities, and authorities in pertinent state agency
directives;
(D) Address electronic state records management requirements,
including retention requirements and final disposition;
(E) Address the use of new technologies adequate to
fulfill the agency's duty to identify, manage, retain, and make final
disposition of electronic state records;
(F) Ensure transparency by documenting in an open and
verifiable manner the processes and activities carried out in the
management of electronic state records; and
(G) Require that records management concepts and requirements
be included in agency training on information systems and resources.
Also, an agency's information resources personnel shall receive training
on records management issues as they relate to electronic information
systems, electronic mail systems, the operation, care, and handling
of information, and the hardware, software, and media used to ensure
that:
(i) Information resources personnel understand the
records management implications of selecting, purchasing, developing,
installing, deploying, modifying, and retiring technology hardware,
software, etc.; and
(ii) Decision makers and end users understand their
responsibilities to create, protect, and manage electronic state records
anywhere.
(2) An agency's policies and procedures shall adhere
to 1 TAC 202 requirements regarding security programs; and
(3) An agency's policies and procedures shall follow
privacy requirements for information that must be protected from unauthorized
use or disclosure as required by applicable state or federal law (e.g.
constitutional, statutory, judicial, and legal agreement requirements).
|