Information and data governance framework

On this page

2 December 2024

1. Purpose

National Archives Information and Data Governance Framework sets out our practices in response to the environment in which we operate – the Archives Act 1983, other applicable legislation, whole of Australian government policy settings and directives, international and Australian standards, and our internal strategies and policies. The Framework provides a high-level view of the National Archives information and data governance environment. It establishes roles and responsibilities applying to leadership and to all staff of National Archives.

The Framework supports modelling of the National Archives as an exemplar agency with a culture of accountable and business-focused governance of the National Archive's information and data assets. Our information and data are the Archives key differentiator from all other agencies.

This Framework replaces the Information and Data Governance Framework 2021.

“National Archives should be an exemplar in having established governance and reporting arrangements for 
internal information management consistent with the Archives Act 1983 and the Building Trust policy.”  

The Hon Tony Burke MP, Minister for the Arts, Statement of Expectations, 18 January 2024

2. Framework at a glance

The Information and Data Governance Framework applies to information and data, both corporate and the archival collection entrusted to our custody, in all formats, platforms and locations.

The Framework informs the National Archives Information and Data Management Policy 2023 which:

  • provides organisational information and data guidance and requirements on creating, storing, using, and disposing of corporate information and data
  • outlines the responsibilities of all staff for the information and data created, managed, controlled, and used in their role
  • describes the Archives settings for access, sharing, security and integrity of our corporate and collection information and data; and
  • outlines our commitment to continually improve our information and data governance capability.

3. Scope

This Framework applies to all information, data and records created, managed or used by National Archives, in all formats and locations, including the national archival collection in our custody. The requirements of this framework apply to all staff at National Archives, including contractors.

National Archives is the custodians of a large collection of government information and data assets. We also create valuable corporate information and data as part of managing this collection. We will have consistent governance processes, in accordance with our framework, strategies and policies, while recognising that archival and corporate information may require different policy settings.

4. Principles

These principles serve as the foundation for governing information and data at National Archives:

Quality

Trusted and high-quality data is fundamental for confident decision making, with appropriate authority, and for appropriate purposes. Information and data will be defined and documented in a consistent form with appropriate and consistent metadata.

Privacy

We adhere to the obligations of the Privacy Act 1988 and the Australian Privacy Principles which apply to corporate and collection information and data in its use, storage, disclosure and publication of personal information to ensure our handling of personal information is responsible, transparent and ethical.

Authority

Our information and data are held securely, shared appropriately, and retained in accordance with approved records authorities. We govern our information and data to ensure that authentic, complete, and reliable information and data is available to support decisions, provide sound advice, develop good policy, and deliver services and programs effectively.

Innovation

We implement innovative processes, tools, and technologies to enhance consistency, efficiency, capability, authority and quality of information and data. We strive to deliver data analyses, dashboards, reports, and visualizations for information and data-driven decision making.

Custodianship

We are the primary custodian of the archival resources of the Commonwealth. We define our vision for the national archival collection, both digital and analogue, and create our policies, plans and processes to realise this vision. We describe and register our data assets and ensure each asset has a delegated custodian.

Technology

Technology is leveraged to make information and data discoverable, usable, manageable, and insightful, identify trends and anomalies, and optimise data workflows. Information and data often have a lifespan longer than the technology on which they are hosted, so data and information is considered as a separate entity to technology, and governed in accordance with its value and risk.

Collaboration

Our information and data governance systems enhance content collaboration, communication, and accessibility. Staff are supported in their information and data management responsibilities and activities through appropriate and resourced systems, strategies, policies, guidance and procedures, along with information and data governance education and training.

Capture

The capture of information and data in approved information management systems is essential for managing its use and access overtime. Fit for purpose information and data governance storage will allow information and data to inform, implement, document, and communicate our activities and decisions, promoting the ability to work cohesively and provide accessibility.

Access

Information and data are open by default for legitimate business purposes to reduce duplication and improve transparency. This promotes accessibility through appropriate access, formats, and metadata, and through interoperability as needed across systems, channels, and technologies. We promote appropriate information and data sharing with other Australian Government agencies, the Australian community, and where appropriate with our international colleagues and peers.

5. The Whole of Government Environment

Information and Data Governance Framework influences.

Whole of government environment.

Archives Act 1983

The Archives Act 1983 (the Act) makes the National Archives responsible for leadership in best-practice management of the official record of the Australian Government and ensures that Australian Government information of enduring significance is secured, preserved and available to government agencies, researchers and the community. Decisions about corporate and collection information and data are made with a view of long-term preservation and accessibility as we perform our obligations under the Archives Act 1983 and the Archives Regulations.

Prime Minister and Cabinet

The Digital Economy Strategy 2022 sets the framework and direction for Australia to become a top 10 digital economy and society by 2030.

Our Minister and Parliament

We strive to meet the expectations of The Hon Tony Burke MP, Minister for the Arts, and of the Parliament including responding to information requests such as the Senate Continuing Order for the production of departmental and agency file lists.

Digital Transformation Agency

The Australian Government through its Data and Digital Government Strategy has committed to use data and digital technologies to improve government service delivery and decision-making, with a goal of better outcomes for all people and business.

Office of the National Data Commissioner

Government decisions must be based on the best evidence available and good quality data is critical to good quality evidence. To help achieve this, the Office of the National Data Commissioner (ONDC) has developed the Foundational Four, setting capability requirements for data leadership, strategy, governance and discovery.

The Data Availability and Transparency Act 2022 enables sharing of Australian Government data through the DATA Scheme. The DATA Scheme is focused on increasing the availability and use of Australian Government data to deliver government services that are simple, effective and respectful, inform better government policies and programs, and support world-leading research and development.

Building Trust in the Public Record policy

As an exemplar agency under our Building trust in the public record policy we demonstrate the requirements of the policy by progressive and innovative best practice approaches for the governance of information and data assets.

Standards

The Information Management Standard for Australian Government (PDF 2.9MB) is formally recognised and adopted when appropriate. The standard supports National Archives to create and maintain reliable and useable corporate information and data which is secure and protected from loss or unauthorised access, use or sharing.

Security

All information handling must be in line with the: Protective Security Policy Framework (PSPF) and specifically the Information Security Manual (ISM). The ISM is a cyber security framework designed to protect information technology and operational technology systems, applications, and data from cyber threats.

The Australian Signals Directorate's (ASD's) Blueprint for Secure Cloud is an online tool to support the design, configuration and deployment of collaborative and secure cloud and hybrid workspaces, with a current focus on Microsoft 365. The Blueprint provides better practice guidance, configuration guides and templates covering risk management, architecture and standard operating procedures developed.

Indigenous Data Sovereignty

The Framework of Governance of Indigenous Data for Australian Government Agencies aims to provide Aboriginal and Torres Strait Islander people greater agency over how their data are governed within the Australian Public Service so government held data better reflects their priorities and aspirations.

Artificial Intelligence

The Australian Government has recognised Artificial Intelligence platforms and technologies as current and emerging technologies with the capacity to impact our national interest. We recognise the efficiencies and innovation they offer if they are implemented in a secure and ethical manner in line with the Government’s AI Ethics Principles. We are committed to following the principles laid out in the National Framework for the assurance of AI in government (PDF 2.9MB) to ensure any use we make of AI is safe and responsible.

 

6. The National Archives Internal Environment

Digital First

The Digital First program of work is focused on providing digital uplift and transformation of legacy technology issues. Tools, systems, and platforms will be tracked, monitored, assessed, and strategically managed.

Strategy 2030

Strategy 2030: a transformed and trusted Archives sets out the vision for a transformed and trusted National Archives.

Corporate Plan

The Corporate Plan 2024-25 to 2027-28 sets four key activities to achieve our purpose under the themes of enable, secure, connect and innovate, and outlines how these key activities will be achieved.

Data Strategy

The Data Strategy 2023-2025 has been developed with the overall goal to improve how the Archives benefits from our data assets. It is a call to action aimed to improve our data maturity: how we use, manage, preserve, and access our corporate and collection data.

Risk

Risk assessment for information and data governance will ensure there are checks and safeguards in place. Poor risk governance can undermine the National Archives integrity and standing, thereby undermining government and public trust. National Archives' Risk Management Framework and Policy defines our approach to the management of risk and the principles that support our strategic plans and objectives. Information and data risks will be identified in Information and Data Management Plans.

Security

Information and data will be protected with appropriate security systems and processes dependant on the sensitivity of the information and data. The Information Security Policy outlines National Archives acceptable practices, and the responsibility and monitoring needed to meet the required standards for information security.

Aboriginal and Torres Strait Islander Protocols

Our Way: Aboriginal and Torres Strait Islander protocols aim to develop a culturally competent organisation that will facilitate trust between National Archives and Aboriginal and Torres Strait Islander peoples. In managing our information and data we will adhere and are respectful of these protocols.

Privacy Policy

The National Archives Privacy Policy outlines our obligations for managing personal information in accordance with the Australian Privacy Principles (APPs) as specified in the Privacy Act 1988.

7. Information and Data Strategies and Policies

The following strategies and policies support the Framework and provide accountability and guidance for information and data governance:

The Information and Data Management Policy sets information management responsibilities, including systems, monitoring, legislation and standards.

Access to publicly available AI [Artificial Intelligence] from NAA systems policy establishes a framework to govern the appropriate use by staff of generative (AI) in the National Archives context.

Cloud Use Guidance – provides guidance on the use of cloud services by National Archives and ensures staff consider the unique business needs and risk profiles of cloud technologies.

Normal Administrative Practice (NAP) Policy clarifies responsibilities and advises staff and contractors what information can be routinely destroyed as part of normal business.

8. Roles and responsibilities

Information management roles and responsibilities graphic

Information Governance roles and responsibilites.

Download Roles and responsibilities (PDF 554KB)

All NAA Staff

  • Cooperate with your team to consistently manage information and data.
  • Understand and carry out the information and data management requirements of your role.
  • Document your daily work – decisions, actions, activities, processes and procedures – and save it in the right location, in a way that can be found again.
  • Destroy corporate information and data assets only in accordance with the Normal Administrative Practice (NAP) Policy. Any other destruction of data assets must be approved by the CIDGO.
  • Record information in ways and in systems that are accessible, usable and interoperable.
  • Model good information and data management practices.
  • Ensure tools and technologies developed, implemented and deployed support effective and compliant information and data governance

Information and Data Governance Committee

  • Coordinate governance activities for information and data assets
  • Monitor effectiveness of information and data governance activities
  • Execute decisions in relation to National Archives' information and data assets
  • Report to the Executive Board for each session held
  • Govern the development of a consistent, systematic and whole-of-agency approach to managing data and information
  • Lead your branch on information and data risk management, and consider information risks when decisions are made, technology or tools selected, projects initiated, and processes established or reviewed.

Chief Information and Data Governance Officer

  • Administer the implementation of information and data frameworks, strategies, policies and standards.
  • Approve disposal of our corporate information and data assets, in accordance with the relevant records authorities.
  • Ensure we make the best use of tools and technologies to support good information and data outcomes.
  • Engage with internal and external stakeholders to promote information and data governance.
  • Promote the delivery and reporting on information and data management, governance and architecture improvement within National Archives.
  • Oversee the Digital Asset Register.

All NAA Directors

  • Assess Risk and Privacy Impact of the information, data and systems they control.
  • Initiate Information Management Functionality Checklists before the procurement of on-premise or cloud-hosted tool or service.
  • Manage the data assets and systems under their control including input and update of information in the Digital Asset Register.
  • Deliver outputs for Data Sharing Agreements, as guided by Information Governance.
  • Report suspected or confirmed security incidents involving cloud or on-premise services to the Cyber Security Adviser (ITSA), Security Advisory Unit and Information Governance.

9. Review and feedback

National Archives is committed to continuous improvement of governance practices and procedures and, as such, this framework will be renewed every three years from the date of approval, unless required earlier. The Chief Information and Data Governance Officer will facilitate the review of this framework in collaboration with key stakeholders.

Feedback on this framework can be forwarded to information.governance@naa.gov.au.

10. Authorisation

Approved 2 December 2024 by: 

Leigh Berrell
Assistant Director-General, Data and Digital
Chief Information Officer 
National Archives of Australia 

David Swift 
Chief Information and Data Governance Office
National Archives of Australia 

11. Document control

Version 0.1
Author Information Governance
Document status Consultation Draft
Custodian Chief Information and Data Governance Officer
Proposed review date December 2027

12. Revision history

Version Date Comments
0.1 IDGC15 Draft for consultation with GRA and GIPS 
0.2 IDGC15 Draft for IDGC review
0.3 IDGC16 Refined version for IDGC approval
1.0 5 Nov 2024 Approved