North Dakota University System
TwitterFacebook
A-Z Index
Access. Innovation. Excellence.
Colleges & Universities Academics & Activities State Board of Higher Education North Dakota University System News Reports & Information
Students
Policymakers
Business & Industry
Employees
Media
Home
Employees
Printer Friendly Page You are here
NDUS Home  |  Employees  |  Policies and Procedures  |  NDUS Procedures


NDUS Procedures



 << return 

SUBJECT: 1900s: Miscellaneous EFFECTIVE: January 22, 2009
Section: 1901.4 Imaging Procedures

Purpose.

The purpose of this procedure is to establish an imaging procedure for all NDUS institutions that create, use, and manage digital images on optical imaging systems.

Definitions.

Annotate/annotation: In the digital imaging community the term annotation is commonly used for visible metadata superimposed on an image without changing the underlying raster image (raster image or bitmap is a data base structure representing a generally rectangular grid of pixels, or points of color, viewable via a monitor, paper, or other display medium. Raster images are stored in image files with varying formats), such as sticky notes, virtual laser pointers, circles, arrows, and black-outs.

Audit trails: A log showing who has accessed a computer system and what operations that person performed on the data during a given period of time.

Compression: Encoding information using fewer bits to save storage space.

Decompression: Restoring compressed data to a readable format.

Document Imaging System: A system used to store document information electronically by recording a digital reproduction of a scanned document.

FERPA: Family Educational Rights and Privacy Act. Generally applies to student information.

GLBA: Gramm Leach Bliley Act. Generally applies to financial information.

HIPAA: Health Insurance Portability and Accountability Act. Generally applies to health information.

Indexing: Assignment of a unique pointer enabling quick retrieval of related record(s).

Metadata: Structure data about data. Metadata describes the content and structure of the digital image and the context of its creation. As an example, metadata describes how, when and by whom a particular set of data was collected and how the data was formatted.

Migration: The process of translating data from one generation of technology to another while maintaining the functionality.

Non-Proprietary File Format: A file format that is in the public domain and which can be used by anyone without buying a special use license.

Record: For purposes of document imaging systems, it is the digital image file.

Retention and Disposal Policy/Procedure: A schedule that identifies how long records must be retained to satisfy administrative, fiscal, legal, and historical requirements.

Procedure Summary.

To ensure that digital document imaging systems and information created are accurate and secure, the following are to be present in an imaging program:
  1. Institutions shall employ procedures that comply with standards established by the NDUS and also defined in procedures for managing digital images.
  2. Institutions shall create and follow documentation that outlines and describes system hardware and software specifications and written policies and procedures that document the creation, maintenance, use and preservation of digital images within the system.
  3. Training schedules that include initial instruction as well as regular, ongoing retraining must be implemented to ensure that employees understand the policies and procedures and any changes that may occur.
  4. Audit mechanisms to monitor the reliability and authenticity of the digital images must be activated, understood, and used.
  5. Hardware and software shall be monitored for reliability, integrity and security of the system.
  6. Institutions must periodically review all document imaging policies, procedures and guidelines making necessary updates to meet regulatory changes.


Procedural Requirements.

  1. NDUS institutions must adhere to NDUS Procedure 1901.2 Computer and Network Usage and NDUS Procedure 1912.1 Information Security Procedures when document imaging systems are implemented and operational.
  2. The NDUS CIO is authorized to develop and publish standards for the NDUS institutions. Institutions implementing, or outsourcing a document imaging system must have the approval of the campus CIO, or individual acting in that capacity, and in turn must have approval or acknowledgement of its existence from the NDUS CIO. When outsourced, the vendor must adhere to any relevant NDUS/Institutional policies.
  3. Individual institutions are expected to develop policies and procedures to address those environments unique to their campus. Such policies or procedures may not be contrary to the express terms or the intent of the NDUS policies and procedures. Institution policies and procedures shall be distributed to all personnel involved in the imaging program.
  4. Institutional document imaging system server hardware and software must be located in the institution's data center or similar "server farm" where: proper security, patches, and upgrades can be applied; hardware and software can be monitored; and backups are performed as part of the institutions normal routine.
  5. Institutions must design backup procedures to create secured copies of digitized images and their related indexes. Backups must include an off-site storage copy. Backup media are intended for disaster recovery purposes only. They should not be used for ongoing storage, record access by the users, or any other purpose.
  6. Regular testing of the system's performance and reliability for hardware and software shall be performed and documented, including a regular test of the backup and restore function.
  7. An institution's document imaging program must identify a person or persons to manage the operation of the program and the training of assigned personnel.
  8. Institution operating procedures must include visual inspection to verify the completeness and accuracy of the scanning process. Individuals performing the scanning function may delete a scanned document should the document not scan properly; however, they must not have access to delete a document once it is saved into storage. System shall conform to the standard methodology for media error detection and correction.
  9. Institutions must develop a validation process that requires someone, other than the person scanning the document, to verify that source document's content matches the scanned document prior to disposition of the source document. Validation must be performed using an acceptable sampling technique at least quarterly. Federal regulations may require retention of the paper copy for one year even though it has been verified in the system as being stored properly. See Federal Acquisition Regulation (FAR) 4.703(c)(3).
  10. An indexing system database shall be used that provides for efficient retrieval of the digital images stored in the system. Essential image metadata/profile data describing the content and structure of the digital image and its context of creation shall be included within the digital image or linked to it.
  11. Digital images that are the records of documented business processes shall be linked to the process that created them.
  12. Institutions must establish procedures for ensuring that only authorized personnel create, copy, annotate, or access digital images within the system. Logins and passwords must be assigned to each individual, must not be shared, and must comply with all requirements set forth in NDUS Procedures 1901.2 and 1912.1.
  13. Digital images shall be saved in a non-proprietary file format, be stored in a controlled environment, and be clearly labeled.
  14. If the image files need to be compressed due to size, non-proprietary compression and decompression methods shall be used.
  15. All digital images shall be listed on an Institution's retention and disposal policy/procedure. Records that are created by and stored on an imaging system shall be disposed of only in accordance with an Institution's retention and disposal policy/procedure.
  16. Institutions shall develop specific plans and procedures for an ongoing process of migrating digital images of continuing value to newer hardware and software and to new storage media.
  17. All users of the document imaging system shall be required to undergo basic training on handling and use before they may operate the institutionally designated system(s). Individuals who perform the scan or validation function shall have additional training on document quality assurance. Logs of individual training must be maintained by the person or persons designated for managing the system.
  18. The system shall be routinely checked to ensure that it accurately and reliably reproduces all original documents, and equipment maintenance logs must be kept to document that regular maintenance checks have been performed.
  19. Annual reviews of existing policies must be made to ensure record maintenance, safety, and authenticity has been met to comply with HIPAA, FERPA, GLBA and privacy laws.
  20. Systems audit trails documenting who accessed the data and when are required and must be activated, maintained, and available for review. Institutions shall develop procedures to ensure audit trail data is being captured. The audit trail data shall include the who, when, and what for the previous twelve months.
  21. For security reasons, access to document imaging systems must have the capability to "lock-out" password/user ID's who make repeated attempts to sign-in and must have this feature activated.

History:
New Procedure, Chancellor's Cabinet Meeting, January 22, 2009.
Bismarck State CollegeDakota College at BottineauDickinson State UniversityLake Region State CollegeMayville State UniversityMinot State UniversityNorth Dakota State College of ScienceNorth Dakota State UniversityUniversity of North DakotaValley City State UniversityWilliston State College
Contact Us  |   Privacy Policy  |   Disclaimer  |   Accessibility  |   Security Policy