Versions Compared

Version Old Version 26 New Version Current
Changes made by

Larry Talley - NOAA Federal

Larry Talley - NOAA Federal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

The proposed identity assertion, person proofing, and registration starts with a permit holder completing a NMFS electronic logbook agreement, establishing a linkage between the permit, the permit holder, and the fishing vessel operator who is authorized to submit electronic logbooks for that permit. more?_..._ (See Identity Assertion, Person Proofing and Registration for a broader discussion of these issues and alternatives.)

...

NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies section 4.1 establishes characteristics of trustworthy records in terms of reliability, authenticity, integrity, and usability. NARA advises that these characteristics are a matter of degree. Transactions that are critical to the agency business needs may need a greater assurance level that they are reliable, authentic, maintain integrity and are usable than transactions of less critical importance.

  • Reliability is established by capturing the content and context of the transaction and recording that content and context in database tables through a mechanism which allows inserts but which disallows updates or deletes.
  • Authenticity is established by checking logbook-related data elements against permit-related data elements, and adding the results of that validity check as a part of the context of the logbook record, stored in the database through a mechanism which allows inserts but which disallows updates or deletes.
  • Integrity is established by the database mechanism which allows database inserts but which disallows updates or deletes.
  • Usability is established by the linkages among the permit records and the logbook records and the e-signature receipts. Using these linkages it is possible to connect the signer and the time of the signature with the details of the signed transaction.

NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies The guidance document section 4.2 states "for a record to remain reliable, authentic, with its integrity maintained, and usable for as long as the record is needed, it is necessary to preserve its content, context, and sometimes its structure." The proposed e-signature enabled system preserves content (logbook data), context (audit trail data and permit data), and structure (links among related tables) .NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies describes two approaches to ensuring the trustworthiness of electonicallyby maintaining a historical record of all changes to its database tables.  Updates to the data result in inserts into history tables, leaving the prior values intact in the history records.  Deletions of data result in insertions into history tables that indicate that the prior data is no longer valid.  But in all cases, the history records allow reconstruction of a point-in-time view of the data.

The guidance document section 4.3 describes two approaches to ensuring the trustworthiness of electronically-signed records over time. This e-signature implementation will maintain documentation of record validity (including trust verification records, or audit trails) gathered at or near the time of record signing (the first approach specified).

The agency will address NARA's guidance document section 4.4 describes steps to ensure trustworthy electronically-signed records as follows:

  • Create and maintain documentation of the systems used to create the records that contain electronic signatures.
    The Hawaii Longline Logbook system will be thoroughly documented with particular attention to e-signature aspects and audit trails that establish the trustworthiness of the e-signature.
  • Ensure that the records that include electronic signatures are created and maintained in a secure environment that protects the records from unauthorized alteration or destruction.
    The eLogbook data, and the audit trail data supporting the trustworthiness of the e-signature, will be stored in a database are implemented with the history mechanism described above to protect the records from unauthorized alteration or deletion.  Furthermore the database is secured according to industry norms for important government data, including regular offsite backup and periodic permanent archiving of backups.
  • Implement standard operating procedures for the creation, use, and management of records that contain electronic signatures and maintain adequate written documentation of those procedures.
    Standard operating procedures will be implemented for the creation, use and management of these records.
  • Create and maintain records according to these documented standard operating procedures.
    The new standard operating procedures will be diligently followed. 
  • Train agency staff in the standard operating procedures.
    Agency staff will be trained.
  • Obtain official disposition authorities from NARA for both the records that contain electronic signatures and for the associated records which are necessary for trustworthy records.
    Electronic data submission adds audit trail data to the logbook records already covered under file series 1505-11 (Catch Statistics Files), and, established establishes a link to an associated file series 1504-11(Fishing Vessel Permit Files). File series 1505-11 (Catch Statistics Files) is sufficiently broad to accommodate the addition of audit trail data. The existing retention and access policies do not need to be revised, as the new audit trail data elements are component parts of the same database which stores the logbook records.   File series 1504-11 (Fishing Vessel Permit Files) provides disposition authority for the associated permit records which are used to establish confidence in the identity of the party applying an e-signaturee-signature, and that file series needs no changes as a result of this new association.

Other considerations raised in NARA's Records Management Guidance for Agencies Implementing Electronic Signature Technologies the guidance document include:

  • 5.1 What new records may be created by electronic signature technology? and 5.2 How do agencies determine which of these electronic signature records to retain?
    The e-signature proposed does not create new types of records. It does add new data elements to existing records and create new associations between existing file series, but in this case the file series involved have been reviewed and no changes to existing retention and access policies are necessary. (The the guidance document was apparently written to cover a wide range of electronic signature technology; the e-signature technology proposed is on the simple end of the scale of technical sophistication.)
  • 5.3 Transferring electronic signature record material from contractors to agencies.
    Not applicable.
  • 5.4 When must an agency modify its records schedule to cover electronic signature records?
    No modification to the record schedule is necessary, as new records are not created by this e-signature, the e-signature itself requires no change to retention periods, and the e-signature does not significantly change the character of the record.
  • 5.5 Special considerations relating to long-term, electronically-signed records that preserve legal rights.
    The e-signature proposed does not depend on technologies or formats which are likely to become obsolescentobsolete. The e-signature, it's associated audit trails, and the receipt are all stored as human readable text in relational database tables.
  • 5.6 NARA requirements for permanent, electronically-signed records.
    These are not permanent records, but, note that the receipt, which is stored as part of the e-signature, does contain the printed name of the signer as well as the date when the signature was executed.

...