The National Archives is the official archive and publisher for the UK Government and plays host to one of the largest collections in the world, from the Domesday book right through to modern Government digital papers.
While not all records are open to the public, anyone around the world can make a Freedom of Information (FoI) request for access to a closed record. Upon receipt of such a request, The National Archives undertakes a review of the access status and sensitivity of the record in consultation with the transferring department.
The office receives more than 2,500 such requests every year, and some of these require the advice of the Advisory Council on National Records and Archives to decide whether or not the public interest is in favour of opening the record or continuing to protect it.
Julian Muller, head of IT Operations at The National Archives, has explained the practical challenges inherent in this process. “The Advisory Council typically has up to 18 members around the country drawn from the public, private and third sectors who have expertise relevant to the Council’s work. Members of the Advisory Council are assigned to panels to review individual cases. These records are sensitive so we need to be able to share that information securely with these remote users.”
To deliver the right level of security, The National Archives had previously provided the Council’s members with their own equipment, which then had to be supported and maintained by the central IT function. Documents were shared with users through secure e-mail, but it was still a heavily manual process.
Muller explained: “If there was a problem with the equipment, we would have to courier it back and forth so that our team could fix it. That added to our overheads and inconvenienced Council members. The fact that our hardware and operating system were unfamiliar to many was also a problem, and because individuals only used the equipment periodically, they could often forget how to log on. Resetting their passwords remotely wasn’t easy.”
Unsurprisingly, Council members regularly asked if they could use their own equipment instead. However, maintaining the necessary levels of security had previously made this impossible.
Introducing an approved secure workspace
Prior to the FoI project, The National Archives’ IT team members were already aware of the technology offered by Egress, an expert in risk management and data privacy, through the company’s work with other UK central Government departments.
After trialling the software and reviewing its security, The National Archives implemented the Secure Workspace solution to provide an encrypted environment that would share documents and collaborate with The Advisory Council on National Records and Archives.
Now, when a given FoI request requires consultation with The Advisory Council, The National Archives’ central office uploads the documents to a new folder within a secure zone, whereby a panel of three Council members can review and comment on documents securely. All Council members have specific permissions and access to the zone, although only the Council members involved in each specific panel have access to that panel folder and, as external users, they have no access to The National Archives’ internal Intranet. The Advisory Council’s members also use Secure Workspace to manage administrative information, such as meeting agendas.
Delivering benefits for all
“It was the right choice for The National Archives to adopt Secure Workspace,” observed Muller. “It has improved efficiency for our panel members, who are able to use their own equipment to access files via Secure Workspace, which in turn has freed our IT team from the time and expense of supporting remote equipment. Overall, our FoI management process has become simpler and easier.”
With the successful implementation of Secure Workspace for FoI requests, The National Archives is now looking to other areas where the technology could help them become more efficient.
“As many Government departments are also Egress users, there are plenty of opportunities where we can improve other processes,” outlined Muller. “For example, we’re currently looking at how we could use Secure Workspace or Egress E-mail and File Protection to share scans of documents with other Government staff, allowing them to access the information they need while we retain the hard copy.
In conclusion, Muller informed Risk Xtra: “Looking ahead, we’ll continue examining areas of the organisation to see where we could implement the technology to further improve efficiency and maintain our high levels of security.”