The Information management standard for Australian Government and the Building trust in the public record policy both support the strategic governance and fit-for-purpose management of Australian Government information assets.
The three key requirements and 17 actions in the policy are consistent with the principles of the standard.
The following table maps the principles and recommended actions of the standard against the requirements and actions of the policy. It is designed to make it easier for Australian Government agencies to understand and comply with their information management obligations.
Relationship between the standard and policy – detailed mapping
| Building trust in the public record policy | Information management standard for Australian Government |
| Requirement 1: Manage information assets strategically with appropriate governance and reporting |
Principle 1: Business information is systematically governed Recommended action 1.1: Include information governance within corporate governance Recommended action 1.2: Develop frameworks, strategies and policies Recommended action 1.3: Ensure valuable information assets are known and controlled Recommended action 1.4: Review and audit IM practices and processes Recommended action 1.5: Resource information management Recommended action 1.6: Senior management coordinate and review information governance Recommended action 1.7: Senior management provide leadership Recommended action 1.8: Foster a culture which values and manages information as an asset Recommended action 1.9: Produce and disseminate policies and procedures Recommended action 1.10: Train and educate staff on an ongoing basis |
| Action 1: Assess your information management capability annually using the National Archives' survey tool – Check-up |
Principle 1: Business information is systematically governed Recommended action 1.4: Review and audit IM practices and processes |
|
Action 2: Review and update your information governance framework to incorporate enterprise-wide information management. This should include governance for records, information and data. Develop an information governance framework if one does not exist. |
Principle 1: Business information is systematically governed Recommended action 1.2: Develop frameworks, strategies and policies |
|
Action 3: Review and update roles and responsibilities for your Information Governance Committee and Chief Information Governance Officer to include enterprise-wide information management. Establish an Information Governance Committee and Chief Information Governance Officer role if they do not exist. |
Principle 1: Business information is systematically governed Recommended action 1.1: Include information governance within corporate governance structures and frameworks Recommended action 1.2: Develop frameworks, strategies and policies |
| Action 4: Create an enterprise-wide information management strategy. |
Principle 1: Business information is systematically governed Recommended action 1.2: Develop frameworks, strategies and policies |
| Action 5: Register your information assets where there is business value in doing so. |
Principle 1: Business information is systematically governed Recommended action 1.3: Ensure valuable information assets are known and controlled |
| Action 6: Identify staff capability gaps in information management, in particular for staff with specialist information management roles, and plan to address them. |
Principle 1: Business information is systematically governed Recommended action 1.10: Train and educate staff on an ongoing basis to assist them to meet their responsibilities. Support ongoing professional development for staff with specialist information management roles to enable them to keep up to date with current and evolving information management trends. |
| Action 7: Actively support information management at a senior management level and have structures in place for senior managers to engage with skilled information management professionals |
Principle 1: Business information is systematically governed Recommended action 1.1: Include information governance within corporate governance structures and frameworks Recommended action 1.5: Resource information management Recommended action 1.6: Senior management (particularly those with specialist information roles) coordinate and review information governance and report regularly to the agency head. Recommended action 1.7: Senior management provide leadership by actively supporting information management, including authorising key products and tools. |
|
Action 8: Monitor progress made towards achieving policy actions, and regularly report on progress to senior management. Document risks of not following recommended practice. |
Principle 1: Business information is systematically governed Recommended action 1.4: Review and audit how well information management practices and processes support the business and realise return on investment. Develop strategies for quality assurance and continuous improvement. |
| Requirement 2: Implement fit-for-purpose information management processes, practices and systems |
Principle 2: Necessary business information is created Recommended action 2.1: Identify where there is a business need to create a record Recommended action 2.2: Document information to meet business needs about activities Recommended action 2.3: Create good quality business information that is fit for purpose Recommended action 2.4: Ensure business information creation is integrated into business processes Principle 3: Business information is adequately described Recommended action 3.1: Analyse and describe what needs to be known about business information so that all needed information can be dependably found, understood and used Recommended action 3.2: Determine what level of description is adequate Recommended action 3.3 Design or provide appropriate tools and systems Principle 4: Business information is suitably stored and preserved Recommended action 4.1: Store business information in a secure and suitable environment Recommended action 4.2: Develop and implement preservation strategies to ensure that information remains useable Principle 5: How long business information should be kept is known Recommended action 5.1: Analyse and document how long business information needs to be kept Recommended action 5.2: Ensure the retention period of business information is known Recommended action 5.3: Provide advice on types of business information to be routinely destroyed Principle 6: Business information is accountably destroyed or transferred Recommended action 6.1: Assess business information against current records authorities Recommended action 6.2: Confirm there is no need to keep business information Recommended action 6.3: Follow any protective security requirements for destruction Recommended action 6.4: Document the action, authority and approval for destruction or transfer Principle 7: Business information is saved in systems where it can be appropriately managed Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.1: Identify what functionality the system will need to enable and support use of business information Recommended action 7.2: Determine the degree of controls Recommended action 7.3: Use business systems that meet all needs for reliable & trusted information Recommended action 7.4: Have appropriate governance measures Recommended action 7.5: Periodically review that systems are managing information effectively to support business needs Recommended action 7.6: Plan for decommissioning of systems and migration of needed business information Recommended action 7.7: Provide risk-based advice to staff Principle 8: Business information is available for use and reuse Recommended action 8.1: Make business information readily available Recommended action 8.2: Remove restrictions on business information as soon as they no longer apply Recommended action 8.3: Facilitate the use of business information based on user needs Recommended action 8.4: Evaluate the technological environment Recommended action 8.5: Plan to progressively improve business systems governance and architecture Recommended action 8.6: Release and publish business information for public discovery and reuse Recommended action 8.7: Govern business information so it easy to find, use and reuse |
|
Action 9: Manage all digital information assets, created from 1 January 2016, digitally. Information assets created digitally from this date, that are eligible for transfer to the National Archives, will be accepted in digital format only. |
Principle 2: Necessary business information is created Recommended Action 2.3: Create good quality business information that is fit for purpose Principle 4: Business information is suitably stored and preserved Recommended action 4.2: Develop and implement preservation strategies to ensure that information remains usable |
| Action 10: Ensure business systems, including whole-of-government systems, meet functional and minimum metadata requirements for information management. |
Principle 3: Business information is adequately described Recommended action 3.1: Analyse and describe what needs to be known about business information so that all needed information can be dependably found, understood and used Recommended action 3.2: Determine what level of description is adequate Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.1: Identify what functionality the system will need to enable and support use of business information Recommended action 7.3: Use business systems that meet all needs for reliable & trusted information Recommended action 7.4: Have appropriate governance measures |
| Action 11: Assess interoperability maturity based on business and stakeholder needs. Identify interoperability maturity gaps and plan to address them. |
Principle 8: Business information is available for use and reuse Recommended action 8.4: Evaluate the technological environment within which business information will be shared. This could include staff in remote areas or members of the public without access to the most recent technologies. Recommended action 8.5: Plan to progressively improve business systems governance and architecture Recommended action 8.7: Govern business information so it easy to find, use and reuse |
| Action 12: Implement strategies, including storage and preservation strategies, for the management of all information assets. |
Principle 2: Necessary business information is created Recommended action 2.1: Identify where there is a business need to create a record Recommended action 2.2: Document information to meet business needs about activities Recommended action 2.3: Create good quality business information that is fit for purpose Recommended action 2.4: Ensure business information creation is integrated into business processes Principle 3: Business information is adequately described Recommended action 3.1: Analyse and describe what needs to be known about business information so that all needed information can be dependably found, understood and used Recommended action 3.2: Determine what level of description is adequate Recommended action 3.3 Design or provide appropriate tools and systems Principle 4: Business information is suitably stored and preserved Recommended action 4.1: Store business information in a secure and suitable environment Recommended action 4.2: Develop and implement preservation strategies to ensure that information remains useable Principle 5: How long business information should be kept is known Recommended action 5.1: Analyse and document how long business information needs to be kept Recommended action 5.2: Ensure the retention period of business information is known Recommended action 5.3: Provide advice on types of business information to be routinely destroyed Principle 6: Business information is accountably destroyed or transferred Recommended action 6.1: Assess business information against current records authorities Recommended action 6.2: Confirm there is no need to keep business information Recommended action 6.3: Follow any protective security requirements for destruction Recommended action 6.4: Document the action, authority and approval for destruction or transfer Principle 7: Business information is saved in systems where it can be appropriately managed Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.1: Identify what functionality the system will need to enable and support use of business information Recommended action 7.2: Determine the degree of controls Recommended action 7.3: Use business systems that meet all needs for reliable & trusted information Recommended action 7.4: Have appropriate governance measures Recommended action 7.5: Periodically review that systems are managing information effectively to support business needs Recommended action 7.6: Plan for decommissioning of systems and migration of needed business information Recommended action 7.7: Provide risk-based advice to staff Principle 8: Business information is available for use and reuse Recommended action 8.1: Make business information readily available Recommended action 8.2: Remove restrictions on business information as soon as they no longer apply Recommended action 8.3: Facilitate the use of business information based on user needs Recommended action 8.4: Evaluate the technological environment Recommended action 8.5: Plan to progressively improve business systems governance and architecture Recommended action 8.6: Release and publish business information for public discovery and reuse Recommended action 8.7: Govern business information so it easy to find, use and reuse |
| Action 13: Create digital information assets in sustainable digital formats. |
Principle 2: Necessary business information is created Recommended action 2.3: Create good quality business information that is fit for purpose Principle 4: Business information is suitably stored and preserved Recommended action 4.2: Develop and implement preservation strategies to ensure that information remains useable |
| Requirement 3: Reduce areas of information management inefficiency and risk |
Principle 1: Business information is systematically governed Recommended action 1.4: Review and audit IM practices and processes Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.3: Use business systems that meet all needs for reliable & trusted information Recommended action 7.6: Plan for decommissioning of systems and migration of needed business information Recommended action 7.7: Provide risk-based advice to staff |
| Action 14: Transfer 'retain as national archives' information assets as soon as practicable, or within 15 years of creation, to the care of the National Archives. |
Principle 6: Business information is accountably destroyed or transferred Recommended action 6.1: Assess business information against current records authorities Recommended action 6.4: Document the action, authority and approval for destruction or transfer |
| Action 15: Identify remaining analogue processes and plan for transformation to digital, based on business need. |
Principle 2: Necessary business information is created Recommended action 2.3: Create good quality business information that is fit for purpose Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.5: Periodically review that systems are managing information effectively to support business needs |
| Action 16: Identify poorly performing legacy systems; address information management requirements when upgrading, migrating and/or decommissioning systems to meet business needs. |
Principle 7: Business information is saved in systems where it can be appropriately managed Recommended action 7.5: Periodically review that systems are managing information effectively to support business needs. Recommended action 7.6: Plan for decommissioning of systems and migration of needed business information |
| Action 17: Sentence information assets regularly and promptly destroy information assets of temporary value when no longer needed. |
Principle 5: How long business information should be kept is known Recommended action 5.1: Analyse and document how long business information needs to be kept Recommended action 5.2: Ensure the retention period of business information is known Recommended action 5.3: Provide advice on types of business information to be routinely destroyed Principle 6: Business information is accountably destroyed or transferred Recommended action 6.1: Assess business information against current records authorities Recommended action 6.2: Confirm there is no need to keep business information Recommended action 6.3: Follow any protective security requirements for destruction Recommended action 6.4: Document the action, authority and approval for destruction or transfer |