The National Archives is the official archive and publisher for the UK Government and has one of the largest collections in the world, from the Domesday book to modern Government digital papers. While not all records are open to the public, anyone around the world can make a Freedom of Information request for access to a closed record. Upon receipt of an FOI request, The National Archives undertakes a review of the access status and sensitivity of the record in consultation with the transferring department. The office receives more than 2,500 requests a year, and some of these require the advice of the Advisory Council on National Records and Archives to decide whether the public interest is in favour of opening the record or continuing to protect it.
Challenge of secure document sharing for remote users
Julian Muller, Head of IT Operations at The National Archives, explains the practical challenges inherent in this process: “The Advisory Council typically has up to 18 members around the country drawn from the public, private and third sectors who have expertise relevant to the Council’s work. Members of the Advisory Council are assigned to panels to review individual cases. These records are sensitive so we need to be able to share that information securely with these remote users.” To deliver the right level of security, The National Archives had previously provided the Council members with its own equipment, which then had to be supported and maintained by the central IT function. Documents were shared with users through secure email, but it was still a heavily manual process. Muller explains the implications: “If there was a problem with the equipment we would have to courier it back and forth so that our team could fix it. That added to our overheads and inconvenienced the council members. The fact that our hardware and operating system were unfamiliar to many was also a problem, and because they only used the equipment periodically they could forget how to log on. Resetting their passwords remotely was not easy.”
Unsurprisingly, Council members regularly asked if they could use their own equipment instead, however maintaining the necessary levels of security had previously made this impossible.
“It was the right choice for The National Archives to adopt Secure Workspace. It has improved efficiency for our panel members, who are able to use their own equipment to access files via Secure Workspace, which in turn has freed our IT Team from the time and expense of supporting remote equipment. Overall, our FOI management process has become simpler and easier.”
Julian Muller, Head of IT Operations, The National Archives
Introducing an approved secure workspace
Prior to the FOI project, The National Archives’ IT team were already aware of the technology offered by Egress, experts in risk management and data privacy, through their work with other UK Central Government departments. After trialling the software and reviewing its security, The National Archives implemented Secure Workspace, to provide an encrypted environment to share documents and collaborate with The Advisory Council on National Records and Archives. Now, when an FOI request requires consultation with The Advisory Council, The National Archives’ central office uploads the documents to a new folder within a secure zone, where a panel of three Council members can review and comment on documents securely. All Council members have specific permissions and access to the zone, however only the Council members involved in each specific Panel have access to that Panel folder and, as external users, they have no access to The National Archives’ internal intranet. The Advisory Council also use Secure Workspace to manage administrative information, such as meeting agendas.
Delivering benefits for all
“It was the right choice for The National Archives to adopt Secure Workspace,” says Muller. “It has improved efficiency for our panel members, who are able to use their own equipment to access files via Secure Workspace, which in turn has freed our IT Team from the time and
expense of supporting remote equipment. Overall, our FOI management process has become simpler and easier.” With the successful implementation of Secure Workspace for their FOI requests, The National Archives are now looking to other areas where the technology could help them become more efficient. “As many government departments are also Egress users, there are plenty of opportunities where we can improve other processes,” explains Muller. “For example, we’re currently looking at how we could use Secure Workspace or Egress Email and File Protection to share scans of documents with other government staff, allowing them to access the information they need while we retain the hard copy. “Looking ahead, we’ll continue examining areas of the organisation to see where we could implement the technology to further improve efficiency and maintain our high levels of security, and look forward to working with Egress on this,” concludes Muller.