Digital authorisations and workflows improve business efficiency, support end-to-end digital processes and increase the availability of more complete and meaningful information.
The Building trust in the public record policy includes the following actions for agencies:
- Manage all digital information assets, created from 1 January 2016, digitally (action 9 – mandatory)
- Identify remaining analogue processes and plan for transformation to digital (action 15 – recommended)
The Digital Authorisations Framework can help your agency implement these policy actions with appropriate digital authorisations and workflows based on its business.
Digital Authorisations Framework
The National Archives' Digital Authorisations Framework (pdf 2113 kb) is a risk-based assessment tool for transforming analogue approval processes to fit for purpose digital approvals. It provides Australian Government agencies with a consistent approach for determining appropriate digital approval methods for business processes.
The framework helps to support:
- end-to-end digital workflows and processes
- more timely and efficient decision making
- more complete and meaningful information
- greater accountability and transparency
Digital approval methods
The Digital Authorisations Framework helps to provide appropriate levels of assurance for using a variety of digital approval methods. The digital approval methods specified in the framework are:
- Email – A significant amount of government business is completed by email. With appropriate controls in place, email can typically be used to record both routine and more complex business decisions and approvals.
- Action tracking – Action tracking enables tasks associated with specific business information – for example reviewing and approving – to be assigned to specific users. It is typically a linear process, from one user to the next.
- System workflows – System workflows typically automate processes within a business system to complete a specific business task. Workflows can also be manually developed in a compliant records management system to automate a specific business process or action on information within the system, for example to review and approve a document, action or request.
Other approval methods can be used in conjunction with those recommended in the framework. For example, where required for high risk processes, a digital signature can be used in conjunction with the recommended approval method to provide a higher level of user authentication and security.
Digital signatures
Digital signatures, which use digital keys and certificates to authenticate identity and encryption technology, represent a specific type of electronic signature. They are supported under the framework but should only be used as necessary, based on the risk and requirements associated with a specific business process.
The Gatekeeper Public Key Infrastructure (PKI) Framework governs the use of digital signatures (digital keys and certificates) by the Australian Government, to assure the identity of subscribers to authentication services.
Building your framework
The framework has three phases:
Phase 1: Business process risk assessment
Phase 1 helps to determine the risk level associated with implementing a digital approval for a specific business process. This top-level risk assessment should be carried out on each existing analogue approval process to help determine which other phases need to be completed.
Refer to the Phase 1 – Business process risk assessment workflow diagram (pdf 235kb) for an overview of the assessment process.
Phase 2: Approval requirements: Phase 2 includes questions and guidance to help determine an appropriate digital approval method. If completing Phase 2 is recommended, you will answer questions divided into four modules to identify and resolve potential issues associated with implementing a digital approval method.
Refer to the Phase 2 – Approval requirements diagrams (pdf 250kb) for an overview of this module or Phase 2 – Approval requirements checklist (pdf 692kb).
Phase 3:Approval method selection: Phase 3 consists of two questions, and supporting guidance to help determine and implement the most appropriate digital approval method based on the results of your assessments in Phases 1 and 2.
Refer to the Phase 3 – Approval method selection workflow diagram (pdf 244kb) for an overview of this module.
Preparing to use the framework
An information review of your agency's core information assets should be carried out before applying the Digital Authorisations Framework, to identify:
- manual or inefficient workflows and approval processes, including those currently requiring a wet-ink signature,
- high volume and / or low risk business processes that can be prioritised for transformation to fully digital processes
- business processes with a legislative requirement to complete an approval process in a pre-defined way, including a documented requirement for a hard copy signature
- existing tools or software that could be used to support end-to-end digital processes, including fit for purpose digital approvals
- agency specific risk methodologies that can be used to identify potential risks associated with implementing end-to-end digital processes or digital approvals.
The Framework
Digital Authorisations Framework (pdf 2113 kb)
Phase 1 – Business process risk assessment workflow diagram (pdf 39 kb)
Phase 2 – Approval requirements checklist (pdf 49 kb)
Phase 2 – Approval requirements diagram (pdf 101 kb)
Phase 3 – Approval implementation workflow diagram (pdf 47 kb)
Source
The Digital Authorisations Framework was developed by the National Archives in consultation with Australian government agency representatives through a consultative working group.
The framework was developed to support implementation of the Digital Continuity 2020 Policy (to 31 December 2020). It also supports implementation of the Building trust in the public record policy (from 1 January 2021). An exposure draft was published on the National Archives website in August 2017 for wider review. Advice and feedback received were incorporated into the final version provided.
Please contact the Agency Service Centre if you would like more information about the framework or advice on applying it within your agency.