On Friday, November 3, the annual e-Records Conference returned for the 23rd year with another record turnout. The conference was co-sponsored by TSLAC and the Texas Department of Information Resources. This year we were able to add a third breakout session to the day’s events and increase vendor support, with 33 vendors on-site, six more than the previous conference, making this our largest conference ever.
This year’s e-Records Conference boasted a total of 313 attendees, representing 64 state agencies along with institutions of higher education and 59 local governments including folks from every corner of Texas—North (Wichita Falls), South (McAllen and Edinburg), East (Port Arthur), and West (El Paso).
While the conference is always an amazing opportunity for networking, this year’s theme—“For the Win: Records and Data”—really emphasized the importance of collaboration between those in both fields with sessions spanning from creating a data retention schedule alongside a retention schedule to lessons learned in case studies dealing with cybersecurity, management of records and data, and agency technology transformations.
In the vein of a shared goal, collaboration, and learning, The Texas Record will provide short recaps of the sessions in a series of blog posts.
The first set of recaps starts below, and we will be posting the rest of the session recaps over the next few weeks.
“Welcome” General Session
by: Rebecca Hanna
Amanda Crawford, the Executive Director of the Department of Information Resources (DIR) and Chief Information Officer of the State of Texas, and Craig Kelso, the Director of the State Local Records Management Division from the Texas State Library and Archives Commission (TSLAC), opened the conference by welcoming all 313 attendees to the 2023 e-Records Conference! Among the audience were many first-time attendees who also hold the role of their entity’s records management officer or records liaison.
Amanda started the “electronic records related to data” discussion party by noting that it is critical for government employees to be good data stewards. When it comes to services that government entities provide, the public only has one option. Amanda stressed the importance of data inventories, data security measures, and considering data governance and effective disciplines and practices before implementing new software, hardware, and artificial intelligence. To close knowledge gaps about data, attendees were encouraged to check out DIR’s data literacy course and the Texas Open Data Portal and to attend the DMAC (Data Management Advisory Council) meetings. For state agencies required to designate a data management officer (DMO), Amanda promoted DIR and TSLAC’s guidance document. TSLAC seconds all of these recommendations!
Keynote Address: Conflict Management for RIM/IG Professionals
by: Rebecca Hanna
The keynote speaker, Azure G. Brown, the Director of Institutional Records & RMO from Austin Community College, was a major fashionable, relatable, transparent, and comical hit! Azure covered the topic of conflict management from an emotional intelligence and self-reflective perspective to ease frustration and mitigate the risk of damaging relationships when dealing with challenges such as obtaining buy-in and getting a seat at the table. One way to do this is to understand the body sensations you experience during a flight, fright, or freeze moment. Understanding those will provide you with a trigger that notifies you to momentarily remove yourself from a situation because during these moments the rational part of our brain is disabled. The Local Government Records Act (LGRA) got a shoutout as a method to obtain buy-in with upper management when Azure stated that “the LGRA made me the Queen of Sheba.” As the agency in charge of supporting the LGRA, we’re blushing. Azure discussed the importance of several tactics in successfully navigating conflict management, such as:
- knowing your conflict style (Azure referenced the conflict animal style);
- listening to the other person’s story, asking the right questions (such as open-ended queries, “tell me about that”);
- reframing your approach from what can’t to can be done;
- using neutral language;
- knowing when to quit; and
- getting clarity on others’ perspective of you that you disagree with.
RSOC: Boots on the Ground for Local Texas Governments
by: Joslyn Ceasar
Jeremy Wilson, DIR’s Deputy CISO (Chief Information Security Officer) for Security Operations, discussed the purpose and importance of cybersecurity operations in the state from the perspective of the Office of the Chief Information Security Officer (OCISO).
Wilson’s presentation began with the OCISO’s approach to making Texans more secure. OCISO carries out this approach in four ways:
- Security Services
- Security Operations
- Governance, Risk, and Compliance
- Cybersecurity Coordination
After discussing how often threat actors attempt to access Texas systems, he segued into introducing the Texas DIR Cybersecurity Incident Response Team (CIRT) and their approach: to provide incident response support to various organizations to safeguard the state’s critical assets. Along with an increase in ransomware incidents between 2022 and 2023, data from Sophos (an IT security service) showed that threat actors are spending less time on compromised networks, dropping to five days from nine days in 2022 for ransomware attacks and 11 to 13 days in 2023 for non-ransomware attacks, meaning that threat actors are moving faster than ever before.
Wilson ended his presentation with DIR’s approach to cybersecurity: to empower security professionals, to develop clear policies and procedures when it comes to cybersecurity, and to ensure tools are effective and support your security program. He also discussed the Regional Security Operation Center as well as the Texas Volunteer Incident Response Team (VIRT).
To determine if your organization is eligible for Regional Security Operation Center Services, please contact RSOCS@dir.texas.gov. If your local government or state agency needs incident response assistance, please contact DIR at 1-877-347-2476 or access the DIR website for more information.
Modernizing Microsoft Governance: A Case Study in Applying Purview Features to an Existing Environment
by: Erica Wilson-Lang
In her presentation Modernizing Microsoft Governance: A Case Study in Applying Purview Features to an Existing Environment, Sarah Holleman of Teacher Retirement System (TRS) walked attendees through the agency’s goals, strategy, and roadblocks as they worked to apply Microsoft Purview labels and policies to an existing SharePoint Online environment, while expanding governance to Teams, OneDrive, and Outlook. The journey started in 2016 when 80% of the agency moved to Microsoft SharePoint on Premise. At that point, files were automatically “declared” records, which meant the file could no longer be altered or moved, and retention periods were applied one to a library. Fast forward to 2021, when Senate Bill 475 was passed, and TRS moved out of the on-premise environment to SharePoint Online—these acted as a catalyst and enhanced the need and desire to be compliant with RIM principles, HIPAA, and other laws.
They started with a clear project scope: to leverage the technology to establish automation for RIM governance in M365, including previously ungoverned repositories Outlook, OneDrive, and Teams. The project plan implemented a Crawl, Walk, Run approach. In the crawl phase, the agency focused on defining requirements, discovering the capabilities of MS Purview, and identifying risks and rewards of the endeavor. In the walk phase, they developed the governance strategy/configuration plans for the different repositories, as well as creating an implementation schedule and change management plan to convey the user awareness and new behaviors necessary for the project to be successful. In the run phase, they plan to deliver agency awareness and training, execute the implementation plans, and adopt an organizational policy.
Holleman concluded the presentation with some lessons learned:
- have a good project manager to help keep everyone on track;
- create timelines, and ask questions;
- plan out what you are going to do with all labels and policies before you start;
- have implementation and communication plans, and be flexible;
- know what you’re testing and when;
- document all your results; and
- know that something will go wrong.