When it receives an FoI request, The National Archives undertakes a review of the access status and sensitivity of the record in consultation with the transferring department.
The office receives more than 2,500 requests a year, which then need to be reviewed by an advisory council, says Julian Muller, head of IT operations at The National Archives.
The Advisory Council on National Records and Archives, which is made up of 18 members, decides whether the public interest is in favour of opening the record or continuing to protect it.
Essentially, the council advises the Secretary of State for Culture, Media and Sport on issues relating to access to public records and represents the public interest in deciding what records should be open or closed.
Access to The National Archives systems is through a secure virtual private network (VPN), with advisory council members logging in using multi-factor authentication. Previously, following government security frameworks and best practice policies and procedures, the advisory council members were provided with a locked-down PC.
To support the level of security required, Muller says: “We had to set up a corporate account for the advisory council members and give them IT equipment.”
Documents were shared with users through secure email, but this was a heavily manual process and created an IT overhead, according to Muller.
“One of the problems we faced on a continued basis is that the advisory council is not always in session,” he adds.
This meant the locked-down corporate PCs advisory council members were given remained unused for periods of time, creating further support issues for IT. “They required a continued level of support, and it was also frustrating for the users,” he said.
Muller says council members often found they would lose access to The National Archive domain because they only used the equipment periodically.
In addition, Advisory Council members sometimes forgot how to log on, and Muller says resetting their passwords remotely was not an easy task.
“If there was a problem with the equipment, we would have to courier it back and forth so that our team could fix it. That added to our overheads and inconvenienced the council members. The fact that our hardware and operating system were unfamiliar to many was also a problem,” he said.
The National Archives selected Egress Secure Workspace to enable advisory council members to collaborate securely using their own devices.
Among the reasons Egress was selected was that it was already being used by other government departments and had government accreditation such as ISO 27001.
Muller says the IT security manager at The National Archives ran a security assessment based on an Egress trial and looked at the protocols that were in place to meet the National Archives’ security requirements.
After trialling the software and reviewing its security, The National Archives implemented Secure Workspace to provide an encrypted environment to share documents and collaborate with the advisory council.
Supporting business processes
Muller says The National Archives used Egress to configure its system to support the business processes required by the advisory council.
When an FoI request requires consultation with the advisory council, The National Archives’ central office uploads the documents to a new folder in a secure zone, where a panel of three council members can review and comment on documents securely.
All council members have specific permissions and access to the zone. However, only the council members involved in each specific panel have access to that panel folder and, as external users, they have no access to the National Archives’ internal intranet. The advisory council also use Egress Secure Workspace to manage administrative information, such as meeting agendas.
Discussing the benefits, Muller says: “It has improved efficiency for our panel members, who are able to use their own equipment to access files via Secure Workspace, which in turn has freed our IT Team from the time and expense of supporting remote equipment. Overall, our FoI management process has become simpler and easier.”
With the successful implementation of Secure Workspace for their FoI requests, The National Archives is now looking to other areas where the technology could help them become more efficient.
“As many government departments are also Egress users, there are plenty of opportunities where we can improve other processes,” says Muller.
“For example, we’re currently looking at how we could use Secure Workspace or Egress Email and File Protection to share scans of documents with other government staff, allowing them to access the information they need while we retain the hard copy.
“Looking ahead, we’ll continue examining areas of the organisation to see where we could implement the technology to further improve efficiency and maintain our high levels of security, and we look forward to working with Egress on this,” Muller adds.
Read more about secure collaboration
- Given the diversity of devices people can use for work, IT needs to look at how it can unify device security.
- In order for healthcare providers to effectively work together on patient care, collaboration tools must be interoperable and comply with HIPAA to protect PHI.