CRM/FEDERAL SPECIALTY DOMAIN B.
Domain B. Policy, Compliance, Governance, and Protections (35 Questions)
Domain B covers essential knowledge needed to establish a RIM program that has a governance framework, articulated policy, and clear standards based on legislation, law, regulation, NARA Guidance and industry best practices. Topics also include the methods put in place for risk management, compliance monitoring and imposing protections. Also covered are approaches to determine appropriate remote storage venue for records for COOP, processes for disaster response, obligations to report, and special requests for destruction.
- Policy, Standards, and Governance Framework
Identify key RIM responsibilities and obligations of Agencies and NARA as defined in 44 USC and 36 CFR.
Effectively cite U.S. code, C.F.R., OMB M-19-21, NARA bulletins, and agency policy to provide authoritative legal justification for compliance with RIM program requirements, policy, and procedures.
Understand the scope and requirements of Presidential Records Management Directive OMB M-19-21.
Develop and document recordkeeping requirements for the creation of agency records.
Understand requirements and develop an email policy compliant with 44 USC, 36 CFR, and NARA Guidelines.
- Compliance, Control, Risk, and Continuity
Conduct records management audits, inspections, and risk management assessments.
Determine appropriate remote storage venue and media for vital records for COG/COOP.
Develop agency-wide processes to be prepared for disaster response and implement actions for records.
Understand the allowable conditions and when to report the emergency destruction of Federal records per 36 CFR 1228.
Understand agency obligations and how to investigate and report instances of unauthorized disposition and alienation of records to the Archivist of the United States.
Report unauthorized destruction of records to NARA.
- Security and Protection
Manage information access requirements for agency FOIA and Mandatory Declassification Review programs.
Impose information controls: National Security Classified and Controlled Unclassified Information (CUI).
Implement RIM policies and processes to comply with the Privacy Act. Understand the function of the Privacy Impact Assessment (PIA), the specifics of a “System of Records” and System of Record Notice (SORN).
Develop and assess Agency-wide and component-level policies to protect records and information from internal and external threats.