E-records security management at Moi University, Kenya.

Abstract

E-records are vital for the operation of the state as they document official evidence of the transactions of a business, government, private sector, non-governmental organizations, and even individuals. Therefore, e-records generated in organizations and institutions including universities in Kenya are considered a vital resource used as a tool for the administration, accountability, and efficient service delivery. Despite the importance of records to the growth and sustainability of any organization, e-records security management at Moi University seemed to be not well established thus exposing the records to among others, unauthorized access, risks of alteration, deletion and loss and cyber security threats. This study sought to investigate e-records security management at Moi University in Kenya. The following research questions were addressed: How are e-records created, maintained, stored, preserved and disposed? How is security classification of e-records process handled to facilitate description and access control? What security threats predispose e-records to damage, destruction or misuse and how are they ameliorated? What measures are available to protect unauthorised access to e-records? How is confidentiality, integrity, availability, authenticity, possession or control and utility of e-records achieved? What skills and competencies are available for e-records security management? The study employed pragmatic paradigm using embedded case study research design. The target population for the study was one hundred and forty five (145) respondents consisting of top management, deans of schools and directors of Information Communication and Technology as well as Quality Assurance directorates, action officers, records managers and records staff. A complete enumeration of the population was taken, therefore a choice of sample size was not necessary. The data was collected using interviews and questionnaires. The questionnaires were administered to action officers, records managers and records staff, while interviews were administered to top management, deans of schools and directors of Information Communication Technology as well as Quality Assurance directorates respectively. Qualitative data was analysed thematically and presented in a narrative description, while quantitative data was organized using Statistical Package for Social Sciences (SPSS version 24) and summarized by use of descriptive statistics such as means, frequencies, and percentage for ease of analysis and presentation by the researcher. The findings of the study revealed that university core business functions of teaching, research, and outreach services generated massive e-records. However, the management of such records was compromised largely because of the lack of integration of e-records management into the business process. Besides, the university lacks an e-records management programme. Moreover, there is lack of policy framework; thus, hampering e-records security management. Security of the erecords were also compromised because this activity was left until the last stage of the e-record with minimal priority. There was also lack of guidelines on e-records classification. The findings revealed challenges related to cyber-attacks, non-adherence to ethical security values, and inadequate skills that affected e-record security management. The study recommended the development and implementation of a records management programme and policies, adoption of relevant standards, developing skills about the cyberspace, provision of adequate budget, education and training.