The Building trust in the public record policy plays a key role in supporting Australian Government agencies' continual improvement in managing information assets (records, information and data).

The policy recommends that agencies:

• ensure business systems meet functional and minimum metadata requirements for information management (action 10)
• identify remaining analogue processes and plan for transformation to digital, based on business need (action 15).

The Business System Assessment Framework provides a consistent, streamlined, risk-based approach to the assessment of information management functionality in business systems.

It is consistent with Part 1 of ISO 16175, Processes and functional requirements for software for managing records.

The Business System Assessment Framework

The Business System Assessment Framework will enable your agency to better manage its business information through:

• assessing information and data risks and values
• identifying the systems functionality required to manage information and data appropriately
• providing solutions to address gaps in a system's ability to manage information and data
• ensuring greater accountability and transparency.

The framework recognises that not all information and data is of equal value. It has been developed so that business systems managing high-risk or high-value information and data undergo a more extensive assessment than systems managing low-risk or low-value information and data.

The framework can be used to build functional specifications for new systems and applied to existing systems. It is suitable for use by information management practitioners, business owners and ICT staff.

Note that the framework does not apply to Electronic Document and Records Management Systems (EDRMS).

Before you begin

The framework is part of a larger suite of information governance tools. To assist with assessing your business systems, you should have:

Systems register

You need to identify the systems in your agency. One way of doing this is to create a systems register listing all the business systems in use in your agency including any legacy systems. The register should list key details about the system including name, version, business owner and a summary of the type of information held. It should also indicate where systems are linked to, and relied on by, other systems. The details in the systems register will help you to prioritise which systems to assess. High-risk and/or high-value systems should have priority.

Identifying all the systems in use will help you keep track of where you are up to with your assessments. If you do not have a systems register, a good place to start to identify systems would be your ICT area. You may also be able to draw on information from your business continuity plan, Check-up assessments or information review findings.

System information management plan

The assessment of each system should be documented in a system information management plan template (PDF, 152kB). The plan should:

• link to your systems register and other information governance documents
• cover all relevant information about the system including software, business owners, how it will be managed over its life and details about its assessment against the framework
• extend to systems and technology hosted in the cloud, or via social media and mobile devices.

Contact us

If you have questions or feedback about the framework please contact the Agency Service Centre by using our inquiry form.

Resources

• The Business System Assessment Framework (pdf 1010 kb)
• Phase 1 – Risk assessment diagram (pdf 69 kb)
• Phase 2 – Assessment functionality diagram (pdf 100 kb)
• Phase 3 – Implementing solutions diagram (pdf 70 kb)