A help file to assist you with using the free Information Auditing software available from the ‘Information Auditor 2.3 link above.
Before you can start initiating an information audit, you’ll need to have prepared for it according to the instructions on conducting an information audit. Once you’ve constructed a folder structure it’s time to start planning the information audit.
Initially you’ll need to download and install the Information Auditor. Then double-click on the icon it’s inserted to your desktop, and the following screen ought to appear:
If you find Access is confronting you with numerous security messages, you’ll need to open up Access and create a new, blank database. Then go Tools/Macros/Security and choose the ‘Low security’ level. If your organisation is running appropriate virus scanning software you ought not to be concerned about this – as is mentioned beside the ‘Low security’ setting within Access.
Once that’s done you need to add a bunch of information to it before you can conduct the survey. It chiefly involves populating the tables with data so they automatically appear in the drop-down boxes or just automatically appear. To do this, click on the ‘Options’ button. This screen will appear:
From here you’ll need to insert data to automate the drop-down boxes. The first screen that pops up is the ‘Edit Functions’ data sheet. The default functions are drawn from the Local Government Classification Scheme, if you’re happy using this then continue on to ‘Edit Divisions’. If you’d like to use your own customised folder structure, then delete the ones already there by clicking on ‘Function’ at the top of the data sheet then hitting the ‘delete’ key. From there you can either enter your functions in one by one or copy and paste the data from a spreadsheet. You’ll need to keep doing this for ‘Edit activities’ and ‘Edit activities 2’, only each of these rows will also need the function and activity associated with it entered in as well. An example of a spreadsheet with this functionality can be downloaded here.
Once you’ve completed this the activity drop-down boxes in the main audit pages will show only those activities available for the function selected beforehand.
Keep heading down the buttons on the left, filling out the ‘location’ and ‘division’ tables according to the infrastructure of your organisation. Defaults have been provided for the ‘Status’ and ‘Retentions policy’ tables but do change these according to your organisation’s needs. Finally you’ll need to fill out the ‘Staff’ table. As well as each staff member’s name for the drop-down boxes, the table also asks for user log-in information. If your organisation uses windows, when a user starts up their computer they get asked for a username and password. If you can find out what those user names are, enter them into ‘username’ field. This will enable the software to automatically fill the name of the data enterer as well as defaulting the ‘Responsible officer’ field to the user who is entering the information.
Once all these details are complete, you’re ready to embark on the audit proper. Head back to the ‘Start page’, and click on ‘Audit your information’. The following screen will appear:
This form is specifically designed for data entry, and filling out each record ought to be a breeze. Use the ‘tab’ key to move from one field to the next on the keyboard. Here’s some further information on each of the fields:
File number: Unique identifier for an object, either on the file plan or within the system, be it
an individual record (declared document) or an aggregation of records. The unique identifier is a code (potentially any combination of numeric and alphabetical values) distinguishing an object from others. This can map to the ‘Fileplan ID’ records element in the National Archives
Metadata standard and the ‘Identifier’ tag in e-Government Metadata Standard (eGMS) mapping.Function: This is the top level of your folder structure. In what area does the file before you fit into it? Use the drop-down box to select the most appropriate category. It can map to the ‘aggregation’ element in the TNA Metadata standard and eGMS.
Activity: This is the next level of your folder structure. In what area does the file before you fit into it? Use the drop-down box to select the most appropriate category, which will be restricted to those activities that have been allowed for the functions above. It can map to the ‘aggregation’ element in the TNA Metadata standard and eGMS.
Activity: This is the next level of your folder structure. In what area does the file before you fit into it? Use the drop-down box to select the most appropriate category, which will be restricted to those activities that have been allowed for the function and activity above. It can map to the ‘aggregation’ element in the TNA Metadata standard and eGMS.
File title: The title given to the file to assist in identification, including for retrieval purposes. Select a meaningful title, i.e. one that gives relevant information about the content as an information resource or its significance in a business process. It maps to the ‘title’ element in the TNA Metadata standard and eGMS.
Division: This field covers the area within the orgnisational structure that is responsible for the file. Likely to look a lot like the ‘function’ if your organisations is so structured. You may want to leave this field out. There’s no specified mapping in the TNA metadata standard for this field.
Responsible officer: The person responsible for the content of the resource up to the point of declaration as a record. If you’ve filled out the ‘username’ column in the ‘edit staff’ options, this will default to the current user. It maps to the ‘creator’ element in the TNA Metadata standard and eGMS.
Establishment date: This is an important lifecycle event occurred to a resource identifying vital events for information and evidential purposes. Defaults to today’s. It maps to the ‘creator’ element in the TNA Metadata standard and eGMS.
Review in: This field is to allow the implementation of retention schedules in the ERMS (related to
legislation, policy and business rules) and sets the ‘Next review’ date to be the number of years you choose here from the ‘Establishment date’. It maps to the ‘Disposal time period’ element in the TNA Metadata standard.Electronic location: The container, or folder, within the shared drive folder structure where the records relating to the file reside. This maps to the ‘System ID’ field in the TNA metadata standard and the ‘Identifier’ tag in eGMS.
Physical location: Denoting the existence of physical format information resources only
(plans, boxes, hard copy files, etc.). It maps to the ‘Location’ element in the TNA Metadata standard and eGMS.Status: Use this field to denote the status of a file, be it available, on loan, destroyed or missing. It applies chiefly to physical folders, but if the record is purely electronic, then this could map to the eGMS and TNA metadata standard as ‘Disposal action’.
Notes: Provides notes about the file, and allows for a free text description, providing additional detail that may be more helpful to some users than fields already used. Maps to the TNA metadata standard and eGMS ‘Description’ field.
There are a number of other options on the ‘Start page’. There’s a link to a similar form to the data entry audit form, only more suited to editing data that’s already in the audit. There’s also a link to a pre-formatted report of your audit which only shows limited fields, and a data sheet view of your audit containing all the fields of the audit. You’ll notice there are a number of fields that remain blank. This is in case you’re ever keen to customise the Information Auditor to your specific needs, we can certainly help by adding further fields to the main data entry form.
One reply on “HowTo: Putting the Information Auditor into action”
In confidence.
Hi Adam – we have meet at one of your RM training days – couple of years ago. I used to work for London Borough Newham in Information Governance for 6 years. I now work for the Home Office,as a DP Auditor.
During my time I have devloped an Excel / Acccess application for a Data Protection Audit, simular to your Information Handyman application, but mines not so slick or refined as yours.
Its based on the adquacy / Compliance schema simular to the ICO DP Audit CD.
Mine covers the DP 8 principls and is broken down into 100 questions with DP requirements -DP documented evidence etc.
The 100 questions and responses are in 3 sections which are graded ie must have, needed , good practice compliance,etc.
So – would you be interested in co devloping this further, I forsee that it could be incorporated into a Privacy Impact Assesstment PIA, with even a DP SAR logging management system, simular to your FoIA application.
if the application could be integrated on Microsoft Sharepoint , I see the use of links using the URL’s could even form an Information asset Register for personal information.
welcome your comments
Regards
John Morgan