Information and data governance framework

On this page

23 December 2021

1. Chief Information Officer message

National Archives of Australia (National Archives) provides leadership in best practice management of the official record of the Commonwealth and ensures that Australian Government information of enduring significance is secured, preserved and available to government agencies, researchers and the community.

Our information and governance commitments include both the national archival collection and the Corporate records trusted to, and created by National Archives staff. We actively respond to the evolving information and data environment addressing new government initiatives, policy and reviews. Progress continues at a fast pace.

We are committed to:

  • the information management standards that must be met by Australian Government agencies
  • creating and documenting the National Archives’ corporate business via our information and data holdings
  • managing Australian Government information of enduring significance as part of the national archival collection
  • preserving and securing the national archival collection
  • the appropriate destruction of our corporate information and data of no enduring significance
  • ensuring that public access to the national archival collection is provided in accordance with the Archives Act 1983 to the fullest extent, while taking proper account of privacy, security, confidentiality and public interest.

We have an ongoing commitment to refining our approach and practice in relation to information and data governance, and records and data management. This framework lays the foundation for the successful governance of our information and data holdings now and into the future.

2. Framework at a glance

The Framework applies to all information, data and records governed by National Archives, in all formats and locations, including the national archival collection entrusted to our custody.

We seek to actively respond to the policy settings of the Australian Government: including Building trust in the public record: managing information and data for government and community policy and the Foundational Four of the Office of the National Data Commissioner (ONDC) for information and data.

This framework allows us to develop and implement strategic and policy settings that:

  • make better use of data professionally, securely and effectively under the National Archives' Data Strategy 2020–2022
  • affirm the commitment to effective governance and management for all National Archives’ information and data assets, both corporate and the national archival collection.
  • clearly define the standards, expectations and responsibilities for managing both corporate and collection information and data for all staff
  • ensure our information and data management practices meet legal obligations, accountability requirements, business needs and stakeholders’ expectations.

All National Archives staff have responsibility to ensure the information and data we create, manage and are custodians of, carry out the information and data management responsibilities of their role.

3. Purpose

This Framework has been developed to assist National Archives to strategically manage its information and data assets. It provides a basis for decisions and activities relating to our information and data assets. It aligns with the key standards, policies and strategies of National Archives and the Australian Government.

We will:

  • manage our information and data assets – both corporate and national archival collection – strategically with appropriate governance and reporting to meet current and future needs of government and community
  • implement fit-for-purpose information and data management processes, practices and systems that meet our identified needs for information and data asset creation, use and re-use
  • reduce areas of information and data management inefficiency and risk to ensure public resources are managed effectively.

4. Scope

This Framework applies to all information, data and records created, managed or used by National Archives in the course of its remit, in all formats and locations, including the national archival collection in our custody. The requirements of this framework apply to all staff at National Archives, including contractors.

The governance of the national archival collection within this framework is at a high-level. Collection strategies, policies and procedures continue to be the responsibility of those sections entrusted with the care and management of the collection which is practiced using embedded archival principles.

All information and data assets are included in this Framework to ensure National Archives' accountably meets its vision to be a world leading archive empowered and resourced to ensure that authentic government information and data are created, secured, preserved and accessible to government and the Australian community.

5. Principles

The following principles will guide all staff in managing information and data at National Archives:

Evidence

Information and data are central to the work of National Archives:

  • We are custodians of a large collection of government information and data assets
  • We create valuable corporate information and data as part of managing this collection
  • We use information and data to inform, implement, document and communicate our activities and decisions, promoting the ability to work cohesively as one Archives.

Custodianship

National Archives is the primary custodian of the archival resources of the Commonwealth for the Australian people:

  • We define our vision for the national archival collection, both digital and analogue, and create our policies, plans and processes to realise this vision
  • Decisions about the collection are made with a view of long-term preservation and accessibility to perform our obligations under the Archives Act 1983
  • Decisions about collection assets are made to consider their full lifecycle at National Archives: from selection to custody, preservation and access. All relevant stakeholders will participate in the decision-making.

Technology

Technology facilitates the creation and management of information and data assets, however information and data often have a lifespan longer than the technology cycle. Data and information will be considered as a separate entity to technology and governed in accordance with its value and risk.

Collaboration

Working together across branches and sites is critical to the work of National Archives. To support this, National Archives will seek out tools to support staff to communicate and collaborate, promote information sharing, and break down silos.

Access

Information and data assets will be governed to promote:

  • usability as a valuable organisational asset
  • accessibility through appropriate formats and metadata
  • interoperability as needed across systems, channels, technologies and time.

Resources

Our policies and plans for our information and data assets can be accomplished with the resources available.

Governance

We will have consistent governance processes, in accordance with our plans and policies, while recognising that archival and corporate information may require different policy settings.

6. The environment

National Archives was established under the Archives Act 1983 (the Act). As an Executive Agency of the Australian Government, National Archives provides leadership in best-practice management of the official record of the Australian Government and ensures that Australian Government information of enduring significance is secured, preserved and available to government agencies, researchers and the community.

We recognise our environment is changing: The Tune Review and response by the government ensure National Archives can continue to carry out its vital role of identifying, preserving and providing access to the most important records of government. We are addressing the changing environment through our long-term strategic outlook: Strategy 2030 – a transformed and trusted National Archives. The change we are committed to will also impact on the way we work. Our capabilities and systems are also changing – we will continue to ensure good governance with the use of Microsoft 365 as the internal National Archives collaboration platform.

Aboriginal and Torres Strait Islander protocols

National Archives recognises that there is a diversity of Aboriginal and Torres Strait Islander peoples, cultures, languages and histories. National Archives has developed new protocols to guide its Indigenous community engagement and records management. The Our way: Aboriginal and Torres Strait Islander protocols aim to develop a culturally competent organisation that will facilitate trust between National Archives and Aboriginal and Torres Strait Islander peoples. They have been developed in line with the United Nations' Declaration on the rights of indigenous peoples and the International Council on Archives' Tandanya – Adelaide declaration.

Our way includes clear actions set out under 5 overarching protocols:

  • Leadership
  • Rights
  • Access
  • Authority
  • Acknowledgement.

National Archives acknowledges Aboriginal and Torres Strait Islander records are varied and dynamic. Records are created and managed orally and through stories, dance, art and material objects as well as through analogue or digital forms.   

Building trust in the public record

The Building trust in the public record: managing information and data for government and community policy (BTPR policy) identifies key requirements for managing Australian Government information assets (records, information and data) for Commonwealth agencies. It is intended to improve the creation, collecting, management and use information and data assets. Information Governance is responsible for the management and governance of information and data at National Archives. It will be the responsibility of Information Governance to action recommendations within the policy to ensure National Archives:

  • reduce areas of information management inefficiencies and risk
  • manage information assets strategically with appropriate governance and reporting to meet current and future needs of government and community
  • implement fit-for-purpose information management processes, practices and systems that meet identified needs for information asset creation, use and re-use
  • reduce areas of information management inefficiency and risk to ensure public resources are managed effectively.

A BTPR policy Implementation Gap Analysis has been undertaken to assess National Archives’ maturity and any gaps. The assessed gaps have been documented in the BTPR Implementation Roadmap and BTPR National Archives Implementation Plan 2021–2025 which will detail project objectives and outcomes.

Foundational Four

National Archives follows the guidance provided by the Office of the National Data Commissioner (ONDC)  Foundational Four to better use and manage the data we hold. It sets out 4 foundational data practices that are simple and allow more productive data outcomes.

The Foundational Four are:

  • Leadership: A senior leader is responsible and accountable for data across the agency
  • Strategy: An agency has a clear vision and plan for using data to achieve objectives
  • Governance: Mechanisms exist to oversee data management
  • Asset Discovery: Data assets have been identified and recorded.

The Foundational Four guide will improve and allow reflection on our data journey.

Information Management Standard

Implementing the Information Management Standard for Australian Government supports National Archives to create and maintain reliable and useable corporate information and data. The following steps based on the standard’s principles will support effective corporate information management at the NAA:

  • Creating necessary business information, including documenting decisions and high-level meetings
  • Enabling ongoing use and re-use of data and information by making decisions and choosing approaches that put data and information at the centre
  • Information systems will be procured, configured and developed to support the ongoing integrity of the data and information
  • The currency and completeness of information will be indicated through descriptive metadata and other appropriate methods
  • Corporate Information and data assets will be accountably disposed of, using existing policies, processes, authorised relevant disposal authorisations. These outcomes will be documented.

Information security

The Information Security Policy outlines National Archives' acceptable practices and responsibility and monitoring needed to meet the required standards for information security.

All information handling must be in line with the following requirements:

  • Protective Security Policy Framework (PSPF) – Any collection, storage, transmission, or physical transfer of Australian Government information must follow the policy and guidance of the PSPF. This defines what security measures are needed to protect this information from unauthorised use or accidental modification, loss or release
  • The Information Security Manual (ISM) outlines a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.

Privacy and freedom of information

By adhering to the compliance, legislation and regulation requirements of National Archives, for example, the Privacy Act 1988 and Freedom of Information Act 1982, (FOI Act) National Archives effectively manages transparency, integrity, accountability and performance concerns.

National Archives' Privacy Policy outlines our obligations for managing personal information in accordance with the Privacy Act and the Australian Privacy Principles (APPs). The policy addresses the types of personal information National Archives collects, its use and disclosure, collection of sensitive personal information, how you can access and correct personal information, and how privacy complaints can be made.

The FOI Act gives every person the legal right to access documents held by Australian Government Ministers, Departments and most agencies (some agencies are exempt) including Norfolk Island Government documents. A freedom of information request to National Archives applies only to documents and records created by National Archives. Access to information under the FOI Act now also applies to documents created or held by contractors or sub-contractors who provided services to the public or third parties on behalf of National Archives.

7. Governance

Information and Data Governance Committee (IDGC)

The IDGC is as operational committee of the Executive Board that provides Information and Data Governance oversight, assurance and direction in the response to the policies and standards for information and data governance. The IDGC is responsible for the governance of all National Archives' information and data assets, and coordinates agency information and data management frameworks, strategies and policies.

The role of the IDGC is to:

  • provide a mechanism to develop a consistent, systematic and whole-of-agency approach to governing National Archives’ information and data assets, including the national archival collection
  • monitor effectiveness of this framework, and all information and data strategy, policy and architecture documents
  • respond to information governance reporting and information audits and reviews
  • coordinate internal information reviews to identify information assets and their value, manage risk and compliance, and improve business processes
  • ensure that information is managed for its entire life in accordance with risk, including risks associated with security, access, privacy, continuity, and cost
  • act as interdepartmental liaison for whole-of-government information initiatives, such as implementing standards, information and system interoperability,
  • ensure coordination of information standards implementation, for example, business systems functionality, metadata and interoperability capabilities.

System governance

Information and data are held in a number of information systems. These systems are governed to ensure National Archives meets its business needs, accountability requirements and stakeholder expectations.

These include:

  • systems used for function unique to National Archives including RecordSearch, Mediaflex and Preservica
  • systems for administrative functions include the Recordkeeping System (RkS) our primary corporate information management system, the Secure Access Examination System (SAES) and administrative systems such as FinanceOne and Aurion.

Systems and databases are:

  • tracked and monitored using a Digital Asset register. A Digital Asset Register has been created to identify National Archives’ Corporate and Collection digital assets. The register will be the central repository when searching for information on National Archives’ digital assets
  • assessed using the Information Management Functionality Checklist
  • strategically managed using Information Management Plans.

Regular monitoring and reporting to assure the integrity of National Archives’ information and data assets will be strengthened as an important governance measure.

Risk management

Consideration of risk is a key component underlying this framework and all subsidiary strategic and policy settings. National Archives' Risk Management Framework and Policy (RMFP) defines our approach to the management of risk and the principles that support our strategic plans and objectives.

The major risks for National Archives’ information and data assets are identified in the Information Governance Risk Register:

A number of operational measures also serve as risk mitigation strategies. These include our:

  • Information and Data Governance Committee
  • Chief Information Governance Officer – this role supports the Information and Data Governance Committee and is accountable for enterprise-wide governance of National Archives’ Corporate and Collection digital assets.
  • Digital Asset Register The register is the central repository when searching for information on National Archives' digital assets
  • Information Management Functionality Checklist – a validation tool used to assess all new business systems and existing systems undergoing significant changes. The checklist is based on National Archives' Business Systems Assessment Framework and the Minimum Metadata Set
  • Information Management Plans – outline the value of information and data assets and identify strategies to manage them over time according to their value in an accountable and transparent manner
  • Completing the National Archives annual reporting survey to ensure National Archives is accountably meeting its information requirements.

National Archives information and data are open by default unless there is a legal requirement under our legislation or a legitimate need to restrict access.

8. Roles and responsibilities

All staff

It is the responsibility of all National Archives staff to:

  • understand and carry out the information and data management requirements of their role
  • document their daily work, and save it in the right location in a way that can be found again
  • document decisions, actions, activities, processes and procedures
  • ask for assistance from their supervisor or the Information Governance team if they have any questions about managing their information and data
  • work together within their team and across the Archives to consistently managing our information and data
  • model good information and data management practices
  • ensure projects, tools and technologies developed, implemented and deployed support effective and compliant information and data governance
  • record information in ways and in systems that are accessible, usable and interoperable
  • follow the advice, guidance and training provided by Information Governance section.

Staff managing the national archival collection

Staff managing the national archival collection have additional responsibilities to:

  • consider information and data management needs and risks when working with the collection
  • maintain the long-term integrity of the collection when performing collection management activities and making decisions affecting the collection.

Chief Information Governance Officer

It is the responsibility of the Chief Information Governance Officer to:

  • be accountable for enterprise-wide governance of National Archives’ information and data assets
  • oversee the implementation of information and data standards and requirements at National Archives
  • approve disposal of National Archives’ corporate information and data assets, in accordance with the relevant records authorities
  • ensure National Archives makes the best use of its tools and technologies to support good information and data outcomes 
  • engage with internal and external stakeholders to promote information and data governance at National Archives 
  • provide advice, guidance and training for National Archives staff on information and data governance
  • represent National Archives as a government agency on the development of information and data standards and policies across government.

Chief Information Officer

It is the responsibility of the CIO to:

  • oversee the information and data governance function at National Archives, including any obligations and responsibilities as an Australian Government agency
  • ensure information and data management functionality is a key factor in National Archives' technology and software procurement processes
  • represent National Archives as the exemplar agency in the Australian Government and as a strategic leader in information and data governance across the Australian Government, cross-jurisdictionally and internationally.

Information and Data Governance Committee

It is the responsibility of members of the IDGC to:

  • provide leadership in their Branches on information management needs and risks when decisions are made, technology or tools are selected, projects initiated, and processes established or reviewed
  • ensure coordination of governance activities for information and data assets, including the development of frameworks, policies, controls and standards
  • monitor effectiveness of information and data governance activities
  • make strategic decisions in relation to National Archives’ information and data assets
  • provide a report on deliberations to the Executive Board for each session held.

9. Review and feedback

National Archives is committed to continuous improvement of governance practices and procedures and, as such, this framework will be renewed every three years from the date of approval, unless required earlier. The Chief Information Governance Officer will facilitate the review of this framework in collaboration with key stakeholders.

Feedback on this framework can be forwarded to information.governance@naa.gov.au.

10. Authorisation

Approved by:

Yaso Arumugam
Assistant Director-General, Data and Digital
Chief Information Officer
National Archives of Australia
23 December 2021

David Swift
Chief Information Governance Officer (a/g)
National Archives of Australia
23 December 2021

11. Appendices

Relevant National Archives records authorities for corporate information

Administrative Functions Disposal Authority (AFDA Express Version 2)

Cultural Collections Records Authority 2011/00275285

General Records Authority 26 – Advisory Bodies 2009/00815192

General Records Authority 31 – Destruction of source or original records after digitisation, conversion or migration 2015/00499297

National Archives of Australia Records Authority 2007/00576124

National Archives of Australia Records Authority 2010/00206866

Relevant records authorities for collection material

A variety of record authorities are applied to identify and support the transfer of archival resources into the national archival collection.

Strategies and policies

The following corporate strategies and policies work together with the Framework and provide accountability and guidance for information and data governance:

Strategy 2030: a transformed and trusted National Archives – sets out the vision for a transformed and trusted National Archives.

Cloud information governance policy – sets out the information governance arrangements for information assets created, stored or managed through the use of cloud computing

Corporate plan 2021–22 to 2024–25 – outlines the three strategies to deliver the National Archives purpose and achieve our vision.

Data strategy 2020–2022 (PDF 2.2 MB) – has been developed with the overall goal to improve how the National Archives benefits from our data assets. It is a call to action aimed to improve our data maturity: how we use, manage, preserve, and access our corporate and collection data.

Digital archives strategic research priorities framework and plan – outlines a framework which will be used to guide DAIR’s research activities and the research.

Information and data management policy – details the National Archives information management responsibilities, including systems, monitoring, legislation and standards

Information security policy – forms the basis for establishing effective controls that protect the National Archives computing facilities, human resources and intellectual property

Information and technology strategic direction 2019–22 – provides the strategic and enabling services for the National Archives mission

The Archives Way – a set of cultural principles and behaviours that support and underpin our vision and mission

Our way: Aboriginal and Torres Strait Islander protocols aim to develop a culturally competent organisation that will facilitate trust between National Archives and Aboriginal and Torres Strait Islander peoples

Normal Administrative Practice (NAP) Policy – clarifies responsibilities and advises staff and contractors what information can be routinely destroyed in the course of normal business

Risk Management Policy – establishes expectations for how risk should be identified, assessed, documented and managed

Privacy Policy – outlines the National Archives obligations for managing personal information in accordance with the Australian Privacy Principles (APPs) as specified in the Privacy Act 1988

Business Continuity Policy and Business Continuity Plan – provide a framework for the identification and development of actions to respond to and recover from disruptions to Critical Business Processes which have the potential to impact on the National Archives ability to meet its legislative and mandated obligations.

Risk Management Framework and Policy (RMFP) – defines our approach to the management of risk and the principles that support our strategic plans and objectives

The following Collection strategies and policies work together with the Framework and provide accountability and guidance for information and data governance:

Access Examination Policy (currently under review) – sets out National Archives’ policy for applying exemptions to information relating to the personal, business or professional affairs of any persons, in accordance with the provisions of the Archives Act 1983

Access Manual contains policies and procedures on all Access-related matters.

Archival Control Model – updates the CRS data model and describes how records will be defined, controlled and relationally described within their context to inform the archival management systems adopted by the National Archives in the future

CRS Policy Statement – identifies the Commonwealth Records Series (CRS) system as fundamental to organising the collection, recording and documenting its context, and controlling and managing collection assets

Disposal of Records in National Archives’ Custody Following Digitisation Policy – outlines the framework for disposing of records of archival value in the National Archives custody following digitisation

Distributed Custody Policy – describes the National Archives approach to management Commonwealth records of continuing value that are in the custody of an organisation other than the National Archives

Policy for Transfer of Commonwealth Records into the National Archives of Australia's Custody – sets out the circumstances under which official Commonwealth records or other material may be transferred from the custody of Australian Government agencies into the care of the National Archives

Preservation Policy 2021–2025 – defines our preservation principles and practices for the period 2021-2025, and it provides context for the development of the organisation’s preservation strategies and plans

Delegations under the Archives Act 1983

Delegations under the Archives Act
(Section 8 Delegations by the Director-General – updated 28 July 2021)
Archives Act Section 8 (1) 'The Director-General may, either generally or as otherwise provided by the instrument of delegation, by writing under his or her hand, delegate to a person all or any of his or her powers under this Act, other than this power of delegation.’

Authorisations schedule under S56(2)
(Arrangements for accelerated or special access)
Archives Act Section 56 (2) 'The Minister or a person authorised by the Minister may, in accordance with arrangements approved by the Prime Minister, cause Commonwealth records to be made available to a person in such circumstances as are specified in the regulations notwithstanding that the Commonwealth records concerned are not otherwise available for public access under this Act.'

Freedom of Information (FOI) Authorisations – March 2019
(Authorised Persons – National Archives of Australia)
These Authorisations were authorised by the Director General on 30 March 2019.

Relevant Australian Government policies

Whole-of-Government policies and strategies impacting on the management of information and include:

Building trust in the public record

Office of the National Data Commissioner (ONDC) Foundational Four

AI Ethics Principles

Australia’s Cyber Security Strategy

Australia’s Tech Future (Digital Economy Strategy)

Australian Government Information Security Manual (ISM)

Australian Government Public Data Statement

Australian Privacy Principles

Commonwealth Procurement Rules

Digital Records Transformation Initiative

Digital Service Standard

Digital Sourcing Framework for ICT Procurement

Digital Transformation Strategy 2025

Open Government National Action Plan 2020–2022

Protective Security Policy Framework (PSPF)

Secure Cloud Strategy

Senate Continuing Order for the production of departmental and agency file lists

Relevant legislation

Legislation impacting on the management of the National Archives information and data includes:

Administrative Appeals Tribunal Act 1976

Archives Act 1983

Archives Regulations

Australian Information Commissioner's Act 2010

Australian Public Service Commissioner's Directions 2016

Copyright Act 1968

Crimes Act 1914

Data Availability and Transparency Bill 2020

Electronic Transactions Act 1999

Evidence Act 1995

Fair Work Act 2009

Freedom of Information Act 1982

Privacy Act 1988

Privacy Regulation 2013

Public Governance, Performance and Accountability Act 2013

Public Service Act 1999

Public Service Regulations 1999

12. Document control

Version 2.3 (R1038212021)
Author Information Governance
Document status FINAL
Approved by Chief Information Officer, Yaso Arumugam
Approval Date 23 December 2021
Custodian Chief Information Governance Officer
Proposed review date December 2024

13. Revision History

Version Date Comments
1.0 14/11/2019 Information Governance Committee Version for Review and Approval
1.1 24/12/2019 Director-General Approval Version (minor edits from EB feedback)
1.2 27/01/2021 Minor amendments and editorial to reflect changes to Information and Data Governance Committee. Does not affect approval date.
1.3 04/02/2021 Director-General Approval Version
2.0 18/11/2021 Major revision by Information Governance based on feedback from consultation
2.1 02/12/2021 Draft Version for consideration by Information and Data Governance Committee (IDGC)
2.2 12/12/2021 Revised by Information Governance based on feedback from IDGC, 9/12/21
2.3 23/12/2021 Endorsed by Chief Information Officer