End User Procedures
WHO SHOULD KNOW THESE PROCEDURES
All users of the VCU ImageNow system are responsible for knowing this procedure and familiarizing themselves with its content.
1. Procedure for Document Retention: Documents stored in the VCU ImageNow System must be retained and destroyed in accordance with VCU Records Management Office procedures and time periods listed in the Library of Virginia’s Retention and Disposition Schedules.
- ImageNow Department Lead identifies the type of documents that her/his department stores in the VCU ImageNow System as well as any applicable retention schedules.
- ImageNow Department Lead or an appointed ImageNow User maintain documentation that details her/his department’s process of retaining and destroying VCU ImageNow System documents.
- If manual document destruction is preferred, Department Lead or appointed ImageNow user will be responsible for querying, selecting and purging records from the VCU ImageNow System. If not, use of Retention Policy Manager is recommended. ImageNow Department Lead must provide the following requirements to Department of Business Application Services staff for configuration:
- Type of documents (e.g. transcript, invoice, personnel action form)
- Retention schedules
- Events to trigger a retention-related action
- A RM-3 certificate of record destruction is to be completed by the ImageNow Department Lead or an appointed ImageNow User and approved by the VCU Records Manager prior to purging original documents from the VCU ImageNow System.
2. Procedure for Quality Assurance: Documents stored in the VCU ImageNow System are to be assessed after capture and before destruction of original to assure quality is within the Library of Virginia’s Digital Imaging Guidelines. Towards that end, the following responsibilities and duties are directed as followed:
- Department Lead and appointed ImageNow Users must ensure that the imaged records are accurate copies of the originals.
- Department Lead and appointed ImageNow Users must maintain a quality control process in place to certify that the imaged records are visually inspected for legibility and integrity, as well as an indexing system to allow for easy access and retrieval.
- Paper documents scanned or digital documents (e.g. email, PDF) converted to VCU ImageNow System (TIFF) format must met the minimal standards for archival image quality set forth by the digital imaging guidelines. For example, text materials are to be imaged at 300 to 600 dots per inch.
3. Procedure for Business Continuity: ImageNow departments are expected to maintain written documentation detailing ImageNow System usage to ensure business continuity. Departmental written documentation shall include:
- Training materials provided for new staff whose responsibility involves the ImageNow System. This may be included as part of departmental standard operating procedures.
- Test plan to be executed in preparation for updates of the ImageNow System and integrated systems.
- Alternative business procedures to be used during planned and unplanned ImageNow System downtime.
- Routine and emergency contact information for the delegated ImageNow Department Lead(s) and ImageNow System Administrators.
For an example, see the Virginia Department of Emergency Management continuity plan template.
4. Procedure for Creation and Maintenance of User Accounts:
- ImageNow User accounts
- Access to ImageNow records is determined by the Department Leads. There is no automated process for user account creation or granting of application privileges for VCU constituents. Investigative access requests are handled on a case by case basis. Exceptions should be submitted to the CIO (email@example.com) or Director of Application Services (firstname.lastname@example.org) in Technology Services for review and approval.
- All user accounts are based on VCU eID.
- Access for new users must be approved by an ImageNow Department Lead in the area responsible for record ownership. For example, access for a fiscal administrator to Accounts Payable invoices in ImageNow/WebNow must be approved by an ImageNow Department Lead in Procurement Services - Accounts Payable.
- The ImageNow System Administrators will disable access when:
- Requested by the area responsible for record ownership.
- Requested by ImageNow department lead in the same area.
- Requested by supervisor of the user.
- Official notification is received from the Technology Services CIO or ISO that there has been security breach, misuse of the account, or other critical situation.
- Upon receipt of failure to deliver email notice resulting from an ImageNow email update about upcoming system maintenance.
- The ImageNow System Administrators will maintain primary responsibility for adding, changing and removing access.
- ImageNow Department Leads are responsible for verifying current users and groups memberships during the annual security review based on reports provided by ImageNow System Administrators.
- Elevated Privilege accounts
- Elevated privileges denote permissions to make system changes that are global or beyond the scope of a user’s department.
- To illustrate and maintain a separation of duties, any ImageNow System user granted elevated privileges will receive a secondary account with those permissions excluding the record management permissions associated with her/his primary account.
- Elevated privileges:
- are granted on a case by case basis
- are not guaranteed
- can be temporarily assigned
- receive heightened audit logging
- can be revoked at any time if deemed warranted by ImageNow System Administrators
- System accounts
- For system integration purposes such as email, generic accounts can be used by the ImageNow System as system accounts to communicate with other applications.
- ImageNow Department Leads are responsible for creation, maintenance and password management of any account that will accessed by the ImageNow System.
Do I still need to complete a RM-3 form before purging ImageNow records?
Yes, before destruction a RM-3 form must be:
- Filled out and should be accompanied by a Certificate of Destruction if available
- Signed by the departmental approver (e.g. Department Head or delegated authority)
- Sent to and signed by the Record Officer
Upon receipt of RM-3 form signed by Record Officer and after record destruction:
RM-3 form must be signed and submitted by the departmental official affirming that the ImageNow record purge has been completed.
Can members of my department use a shared account setup in ImageNow?
Sharing of user accounts is not allowed in the VCU ImageNow System. Only one person per account shall be permitted. User accounts and passwords should never be shared with anyone other than the person for whom they were created. If it is determined that an account is being shared, reasonable corrective actions will be taken. The Department of Business Application Services staff will report the violation to the account owner and if appropriate, ISO.
Will a rationale be provided for denied or revoked elevated privileges?
Yes, a written explanation will be provided in response to a denied request for elevated privileges or revocation of elevated privileges. The Department of Business Application Services staff will report the violation to the account owner and if appropriate, ISO.
How can manual destruction apply to a digital records information system?
In this context, 'manual' means not automated. A system user would query, select and delete digital records in this method. See Retention Policy Manager definition for the automated method.
The document stating guidelines, standards and expectations for a specific task, role, or process.
Person(s) authorized by an ImageNow Department Lead to manage, process and/or view records and workflow in the VCU ImageNow System.
The fiscal, personnel and student information system currently used at VCU.
Chief Information Officer (Technology Services)
Within the context of this document, elevated privileges are privileges granted to allow specific administrative access and tasks to be performed in ImageNow.
ImageNow Department Lead
Person(s) designated by a University department to request, approve or deny department-specific changes in ImageNow.
ImageNow Retention Policy Manager
VCU ImageNow System feature that monitors retention policies and coordinates with other system agents to execute the final disposition of documents. In addition, this feature can remove retention and export from hold sets after these sets are complete.
ImageNow System Administrator
Person(s) designated by VCU Technology Services to manage ImageNow configurations and user security.
Person(s) approved by an ImageNow Department Lead and granted a system account to manage, process and/or view records and workflow in the VCU ImageNow System. Within the context of this document, all users of the VCU ImageNow System, including faculty, staff, student workers, and affiliates.
Information Security Officer
Records Management Office
Department responsible for policies and procedures on preservation, maintenance and disposition of University records in compliance with Library of Virginia. The VCU Records Officer oversees the VCU Records Management Office.
Person designated to oversees the Records Management Office.
Within the context of this document, accounts that allow login to the ImageNow System.
Virginia Commonwealth University
The standard electronic credentials used by VCU employees, students, and affiliates to access various VCU systems including but not limited to email, VCU ImageNow System, and Banner.
VCU ImageNow System
The enterprise content management system designated for storage of administrative University documents excluding the Health System. The VCU ImageNow System includes ImageNow, WebNow (ImageNow web access) and eForms (ImageNow web forms).
This article was updated: 01/7/2020