Information is essential in the defence industry. It allows the effective management of operations and projects. Yet, this information is often highly confidential. The MoD sets guidance and the industry-standard around information capture and storage.
Having quality information is key to supporting decision-makers. And thus, managing it as the important asset that it is. Information management ensures governance structures, mechanisms and resources are in place.
For example, projects that create supportability engineering need to manage information through its life. Whether held in databases, released in documents, within emails etc.
To meet the MoD’s legal duty of care obligations it is a requirement that on all projects, external suppliers manage the information created to legal mandates on the management and disclosure of information including:
- Public Records Act (PRA) (1958 and 1967)
- Data Protection Act (DPA) (1998)
- Environmental Information Regulations (EIR) (2004)
- Freedom of Information Act (FOIA) (2000)
The MoD also mandates the use of the Logistics Coherence Information Architecture (LCIA). This is to achieve consistency in these projects.
Working with the MoD, suppliers need to bear in mind:
- Processes relating to information management are in a handbook on the MoD’s website.
- Information created during the life of the solution. This information needs to be in a repository.
- Accessibility of information is important: universal access from front-line to industry.
- Any project using exchanging or storing information must use existing Log IS systems. This ensures consistency and interoperability of data and use of open standards.
- Documents (letters, publications, websites, spreadsheets and databases) and many types of recording media (paper, electronic files, video files) managed to JSP 747.
- JSP 441 defines the policy for MoD records management.
Data breaches are still occurring in the defence sector. The Pentagon reported that January 2016 – February 2018 6% of US military and aerospace contractors reported a data breach.
While cyber breaches make the headlines, it’s not the only way breaches occur. Often it is due to regulatory requirements and essential, yet complex audit trails.
Defence Digital and Information Technology (D&IT) function
This function is part of the MoD. It leads to the delivery of transforming digital and information capability. It ensures projects are secure, integrated and easy to use. Projects are at scale and pace to ensure sustainable military and business advantage.
The goals of D&IT are:
- Digitise the battlespace
- Deliver responsive cyber defence
- Promote information-led wider business transformation
- Provide more effective and efficient IT services
- Build a capable and cohesive function
The function believes these goals will achieve the following benefits to the MoD:
- Improved decision support and more effective Command and Control
- Simpler, more effective and cheaper processes
- IT efficiency through fewer cost and schedule overruns
- Service reliability and quality with a reduction in system outages
- Reduced risk of loss of sensitive data
- Information and analysis driving greater insight and decision-making
- Staff satisfaction, retention and quality
The MoD sets the agenda for the UK defence industry. All organisations lead back if not to the MoD, or their international equivalent. Becoming digital with your data, both archived records and at the point of generation, is key. Not only having effective document management but aligning with the MoD’s strategy.
Identification and storage of:
All used in the manufacture, procurement and maintenance of products. The unique marking and retention of records are possible. This creates a traceable, historical path of the life cycle of defence equipment.
Traceability is the ability to verify the history, location, or application of an item. Using documented recorded identification.
This traceability helps prevent the spread of fraudulent and counterfeit material. This impacts the performance of defence equipment. As well as the financial and reputational losses for suppliers. Standards that try and combat this include BS EN ISO 9001 and BS EN 9100C Section 7.5.3 – identification and traceability and 4.2.4 control of records.
Traceability requirements should be throughout the product life. Often software applications provide traceability. But, the management of physical records is also important.
Effective records management needs to be an integral part of quality management systems. Records show equipment meets the design and safety requirements. This record forms part of the contract between yourselves and the purchaser. This contract might include:
- Clear definition of record-keeping responsibilities and requirements.
- Clear definition of which records to keep. Their retention periods. The form they will take. Often scanned, to BS 10008 standards, but occasionally you’ll need to keep the hard copy master.
- Controls to ensure record integrity, and any updates take place over time.
- Security arrangements to prevent inappropriate access to records and loss.
- Readily retrievable, as needed.
- Stored in a controlled and secure environment.
- Destroyed securely when no longer required.
"Over the next decade, we are committed to spending over £186 billion on equipment and support. Defence has a major role to play in delivering the government’s growth and enterprise agenda – the Ministry of Defence accounts for over 40% of all government spend with industry and our procurement activity includes some of the most complex and technologically advanced projects in the world. We want to encourage Innovation and wider Small and Medium-sized Enterprise participation throughout our supply chain and will continue to pursue policies and practices that make it easier for new and smaller businesses to identify, compete for and win opportunities with the Ministry of Defence. This will help us to deliver our vision of a vibrant, sustainable and competitive UK industrial base."
- Stuart Andrew, Minister of Defence Procurement
Restore have long standing relationships with both the MoD and the NDA. Our scanning and archiving sites meet all the regulation needed to hold highly classified information. Restore Digital provide document digitisation, document management systems and automated workflows for many organisations in the defence industry, but government and commercial.
How can Restore support you?
Quality has always been a crucial part of the defence sector. The fundamentals of control, inspection, assurance and quality management are vital. They are often recognised as part of the ISO9000 family. The MoD, have a strict policy of “appropriate certification”. They prefer to work with suppliers with certified business management systems.
ISO systems in themselves don’t address all the MoD’s requirements. AQAPs are often used as supplementary evidence.
Restore has worked with the defence and military industry for many years. We have a broad spectrum of customers from the industry providing support on their digital journey. From:
- Homelands security
Restore are a trusted partner for highly sensitive information. with stringent compliance and regulatory environments.
Restore have worked with both the MoD and NDA and hold Place of Deposit Status. We also have certification in or work to the following standards:
- ISO9001:2008 – Quality Management System
- ISO14001 – Environmental Management System
- ISO 27001 (Information Security Management System) (formerly BS 7799)
- BS EN 7858 – Security Screening
- PD5454:2012 – Guide for the storage and exhibition of archival materials
- BS 10008 – Evidential Weight and Legal Admissibility of Electronic Information.
- ISO 20000 (ITIL) – Our Systems are ITIL compliant and, whilst we do not currently hold the certification, our processes do follow best practice. We intend to become certified soon.
- Restore hold ISO 22301 Business Continuity Management (BCM)
- ISO 270035:2011 (Information Security Incident Management) – Restore have incident management policies and processes but are not currently certified
- IG Toolkit Compliance.
- NHS Digital Data Security & Protection Toolkit We have completed the online assessment to assure we are practising good data security and handling personal information correctly.
We are the go-to company for scanning highly sensitive and confidential records. We can digitise any document, including:
- CAD files
- Technical drawings
- Aperture cards
- Book scanning
- Fragile documents
Document management systems
Digitised paper records benefit from a secure cloud-based or on-premise system. It allows you the agility to access your information on any device in any country. This is essential for flexible working.
Restore offer two different EDRM systems. We will work with you to find the solution that best suits your organisation.
Our consultancy team can work with you to decide and install a bespoke version of either system. We will work with your IT Teams and security parameters.
Both systems have a trackable history. This provides a full audit trail. You can set permissions and rule-based actions, such as retention periods. You can configure both to support and enable automation and RPA. They can provide an easy way to introduced automated workflows.
Understand and access your information. Be better able to respond to any information requests. This includes SARs, audits or legal enquiries.
Find out more by visiting our Defence and Aerospace home page on our website.