Is It Safe and Secure to Access Government Records Remotely?With so many government workers teleworking due to the COVID-19 pandemic, records-related security concerns are especially pressing right now. Beyond the admittedly helpful ability to access electronic records remotely, is it still safe and secure to do so?

The answer to that question depends largely on the processes, policies, and technology platforms chosen by the agency to handle their electronic records management. That said, in general, this is one reason why the National Archives and Records Administration (NARA) wants to migrate to electronic forms of records management in the first place: “[Electronic record keeping] will help ensure security of critical records, NARA writes.

We discussed the principles of records security in our previous article, “How to secure electronic records.” But when it comes to federal employees working remotely, what do users need to think about in order to store, access, and use government records securely?

The security of storing and hosting the records

All records should be encrypted both while in storage and in transit, so that if they are intercepted or breached, they will remain indecipherable and unusable to the hackers. The Federal Information Security Management Act of 2002 (FISMA) establishes that federal agencies should use FIPS 140-2 validated encryption cryptography. That means the document management platform and cloud host both need to meet FISMA requirements.

In practice, this typically means using providers and vendors that have been pre-certified for use with government data. This is why GSA Schedule 36 is useful for procuring records management-related vendors and services. And services like Amazon GovCloud, for example, are designed to comply with an array of security regulations and guidelines, including Federal Risk and Management Program (FedRAMP) High Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5, and Criminal Justice Services (CJIS). In other words, hosting providers like Amazon GovCloud are pre-built to meet all the requisite security compliances to store sensitive records.

The security of accessing the records

Not every worker should have access to all records. Instead, apply roles-based access controls. Such controls help to prevent not just unauthorized access but also unnecessary access. Given that many federal agencies deal in confidential, proprietary, and private records every day, letting workers find and manipulate records outside their scope of work just creates unnecessary privacy and security risks. It’s even worse if people have unneeded power to change or, worse, delete records. Make sure your records management platform incorporates access controls.

The security of using the records

Users are both the first line of defense against security breaches and, simultaneously, often the weakest link in maintaining security. Agencies can follow every precaution and security regulation in setting up their document management system, but if users start sharing records through insecure channels like email, the entire effort can be compromised. Instead, use document management platforms that enable secure electronic file sharing, which keeps the record encrypted and allows only the intended recipient to view it.

Further, any approach to electronic records management should incorporate user training so that workers know how to make smart decisions when it comes to using and sharing sensitive records. Now might be a good time to send a refresher on security best practices to any employees who are teleworking.

About PSL

PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit https://www.penielsolutions.com or email info@penielsolutions.com.