Digital Authorisations and workflows

Digital authorisations and workflows improve business efficiency, support end-to-end digital processes and increase the availability of more complete and meaningful information.

Australian Government agencies are required to record business interactions, decisions and authorisations digitally to meet the Digital Continuity 2020 targets of Principle 2 – Information is managed digitally of the Digital Continuity 2020 Policy.

The most efficient and effective way to do this is through the application of appropriate digital authorisation tools and workflows. The Digital Authorisations Framework can help you choose which tool is best for your agency's business.

Digital Authorisations Framework

Digital Authorisations Framework (docx 2.5mb) is a risk-based assessment tool for transforming analogue approval processes to fit for purpose digital approvals. It provides Australian Government agencies with a consistent approach for determining appropriate digital approval methods for business processes.

The framework helps to support:

  • end-to-end digital workflows and processes
  • more timely and efficient decision making
  • more complete and meaningful information
  • greater accountability and transparency

Online tool pilot

To complement the Digital Authorisations Framework released in October 2017, we are piloting an online tool to further support agencies to undertake and record interactions, decisions and authorisations digitally. The tool has been designed to:

  • make it easier to identify and implement digital approval processes
  • seamlessly guide users through the framework
  • facilitate the assessment of processes in a consistent manner
  • support decisions and build a business cases for change for process change
  • provide evidence that appropriate rigour has been undertaken
  • identify and resolve potential issues associated with converting and implementing a digital approvals.
  • provide implementation advice tailored to your business process and the digital approval method recommended.

Accessing the online pilot tool

Open the Digital Authorisations Framework online tool.

We welcome your feedback on the usability of the tool through the Agency Service Centre

Digital approval methods

The Digital Authorisations Framework helps to provide appropriate levels of assurance for using a variety of digital approval methods. The digital approval methods specified in the framework are:

  • Email – A significant amount of government business is completed by email. With appropriate controls in place, email can typically be used to record both routine and more complex business decisions and approvals.
  • Action tracking – Action tracking enables tasks associated with specific business information – for example reviewing and approving – to be assigned to specific users. It is typically a linear process, from one user to the next.
  • System workflows – System workflows typically automate processes within a business system to complete a specific business task. Workflows can also be manually developed in a compliant records management system to automate a specific business process or action on information within the system, for example to review and approve a document, action or request.

Other approval methods can be used in conjunction with those recommended in the framework. For example, where required for high risk processes, a digital signature can be used in conjunction with the recommended approval method to provide a higher level of user authentication and security.

Digital signatures

Digital signatures, which use digital keys and certificates to authenticate identity and encryption technology, represent a specific type of electronic signature. They are supported under the framework but should only be used as necessary, based on the risk and requirements associated with a specific business process.

The Gatekeeper Public Key Infrastructure (PKI) Framework governs the use of digital signatures (digital keys and certificates) by the Australian Government, to assure the identity of subscribers to authentication services.

What's in the framework?

The framework has three phases:

  • Phase 1: Business process risk assessment: Phase 1 helps to determine the risk level associated with implementing a digital approval for a specific business process. This top-level risk assessment should be carried out on each existing analogue approval process to help determine which other phases need to be completed.

Refer to the Phase 1 – Business process risk assessment workflow diagram (pdf 235kb) for an overview of the assessment process.

  • Phase 2: Approval requirements: Phase 2 includes questions and guidance to help determine an appropriate digital approval method. If completing Phase 2 is recommended, you will answer questions divided into four modules to identify and resolve potential issues associated with implementing a digital approval method.

Refer to the Phase 2 – Approval requirements diagrams (pdf 250kb) for an overview of this module or Phase 2 – Approval requirements checklist (pdf 692kb).

  • Phase 3:Approval method selection: Phase 3 consists of two questions, and supporting guidance to help determine and implement the most appropriate digital approval method based on the results of your assessments in Phases 1 and 2.

Refer to the Phase 3 – Approval method selection workflow diagram (pdf 244kb) for an overview of this module.

Preparing to use the Framework

An information review of your agency's core information assets should be carried out before applying the Digital Authorisations Framework, to identify:

  • manual or inefficient workflows and approval processes, including those currently requiring a wet-ink signature,
  • high volume and / or low risk business processes that can be prioritised for transformation to fully digital processes
  • business processes with a legislative requirement to complete an approval process in a pre-defined way, including a documented requirement for a hard copy signature
  • existing tools or software that could be used to support end-to-end digital processes, including fit for purpose digital approvals
  • agency specific risk methodologies that can be used to identify potential risks associated with implementing end-to-end digital processes or digital approvals.

Development

The Digital Authorisations Framework was developed by the Archives in consultation with Australian government agency representatives through a consultative working group. An exposure draft was published on the Archives website in August 2017 for wider review. Advice and feedback received were incorporated into the final version provided.

Please contact the Agency Service Centre if you would like further information about the framework, or advice on applying it within your agency.

Copyright National Archives of Australia 2018