|
| DOE-STD-4001-2000
C2.2.8. Transferring Records
C2.2.8.1. RMAs shall, using the disposition instruction for the record category, identify
and present those records eligible for transfer. (44 U.S.C. 3103, reference 1.d)
C2.2.8.2. RMAs shall, for records approved for transfer that are stored in the RMA,
copy the pertinent records and associated profiles to a user-specified filename, path, or device.
(36 CFR 1228.188 and 36 CFR 1234.32, references 2.h and 2.o)
C2.2.8.3. RMAs shall, for records approved for transfer and that are not stored in the
RMA, copy the associated profiles to a user-specified filename, path, or device.
C2.2.8.4. RMAs shall, for records approved for transfer, provide the capability for only
authorized individuals to suspend the deletion of records and related profile until successful transfer
has been confirmed. (44 U.S.C. 3105 and 36 CFR 1228.54, references 1.e, and 2.f)
C2.2.9. Destroying Records
C2.2.9.1. RMAs shall, using the disposition instruction for the record category, identify
and present records that are eligible for destruction. (36 CFR 1228.58 and 36 CFR 1234.32,
references 2.g and 2.o)
C2.2.9.2. RMAs shall, for records approved for destruction and for records that have
been transferred, present a second confirmation, within a dialog box, requiring authorized
individuals to confirm the delete command, before the destruction operation of the records and/or
profiles are executed. (44 U.S.C. 3105, reference 1.e)
NOTE:
Backup or redundant copies of records and metadata shall be provided with
disposition instructions or reviewed regularly to ensure that records are not
retained past their retention period. Destruction of data on backup tapes will
comply with paragraph C2.2.9.3.
C2.2.9.3. RMAs shall delete records and/or profiles that are stored in its repository and
have been approved for destruction, in a manner such that the records cannot be physically
reconstructed. (36 CFR 1234.34, reference 2.p)
C2.2.9.4. RMAs shall restrict execution of the records destruction commands to
authorized individuals. (44 U.S.C. 3105 and 36 CFR 1222.50, references 1.e, and 2.d)
C2.2.10. Access Control
C2.2.10.1. RMAs shall provide the capability to define different groups of users and
access criteria. RMAs shall control access to records based on groups as well as individuals
meeting the access criterion/criteria. (36 CFR 1234.28, reference 2.m)
C2.2.10.2. RMAs shall support multiple-user access.
C2.2.10.3. RMAs shall control access to transfer and destroy functions based upon
user account information. (36 CFR 1234.28, references 2.m)
9
|
Privacy Statement - Press Release - Copyright Information. - Contact Us |