Information Governance Framework
Information Policy and Systems
19 December 2017
The 'Information Governance Framework' (the Framework) provides the basis for the creation, capture, management and use of full and accurate records, information and data in all formats used by the Archives. It describes how information is to be governed as a vital corporate asset which is essential to help meet the Archives' business, accountability, legal and regulatory requirements.
The framework outlines an approach to information governance integrated with other organisational governance such as audit, accountability, compliance, risk management, business continuity, security and ICT governance. The requirements of this framework are informed by the Archives' business environment, legislation, whole-of-government policies and standards.
The framework also describes the cooperation and commitment required from all relevant stakeholders for implementation of effective information governance within the Archives.
This framework recognises the Archives' dual role in setting information standards for the Commonwealth and as a best practice agency in their implementation.
The Framework applies to all Archives' staff, contractors and consultants, regardless of employment terms, position and location.
The Framework applies to all of the Archives' information assets, including:
- the collection of archival resources of the Commonwealth in the Archives care
- information created to support business activities
- applications and systems used to create, capture and maintain information.
Operational responsibility for the Archival Collection is derived directly from the Archives’ Act and implemented through the National Archives of Australia Corporate Plan. High level governance arrangements for the Collection are included in this Framework as the Archives needs to meet the Digital Continuity 2020 Policy requirements, targets and pathways for all information assets, as best practice.
Throughout this document, all of Archives records, information and data holdings are described holistically by the term 'information'.
The objectives of the Framework are to:
- affirm the Archives' commitment to effective information management practices in order to meet legal obligations, accountability requirements, business needs and stakeholders' expectations
- ensure that all information assets are well managed, including the Archival Collection
- position the Archives as a forward looking, innovative and exemplar Australian Government agency employing better practice approaches for the management of information
- ensure all staff understand their information management responsibilities
- support consistent information management standards and practices across the Archives
- ensure that the Archives meets the requirements of the Digital Continuity 2020 Policy.
2. Organisational information principles
The Framework sets a number of principles to guide all staff in managing the Archives' information:
- Information is a valuable Commonwealth asset which enables business, helps to manage risk, and provides accountability and transparency in decision-making and evidence of business activities over time. Selected Commonwealth information of archival value is made accessible for current and future generations.
- Information governance is an essential element of Archives’ corporate governance. It must be aligned with other organisational governance such as audit, accountability, compliance, risk management, business continuity, security and ICT governance.
- Information is complete, accurate and useable by those with a legitimate need.
- Information must be managed in a timely, efficient and effective manner. This includes capturing and describing information as soon as possible during or after completion of business processes. Also, ensuring it is kept for as long as required and accountably disposed of when it is no longer required.
- Information must be described with appropriate metadata, as defined by relevant standards and business needs. This supports access, context, authenticity and interoperability for information.
- All digital information must be created and actively managed in an accessible digital form for as long as the information is required. Consideration must be given to how digital information will remain available and interoperable across different platforms, operating environments and successive technologies. Information should only be stored in a physical format where there is no suitable digital alternative.
3. Governance framework
The Framework operates within an overarching governance framework of legislation, whole-of-government policies, international and Australian standards, business policies and processes. It is also defined by the needs of the Archives' unique business environment and by the National Archives requirements for all Australian Government agencies.
3.1 The Archives' environment
The Archives is established by the Archives Act 1983, which identifies its key roles and responsibilities. In particular, the objects of the Archives Act are:
- to provide for a National Archives of Australia, whose functions include:
- identifying the archival resources of the Commonwealth; and
- preserving and making publicly available the archival resources of the Commonwealth; and
- overseeing Commonwealth record-keeping, by determining standards and providing advice to Commonwealth institutions; and
- to impose record-keeping obligations in respect of Commonwealth records.
The Archives' most significant information asset is the archival resources of the Commonwealth. Other information assets, created as part of the National Archives' business activities to meet these roles and responsibilities, include:
- Information describing activities for preserving, managing and providing access to the archival resources of the Commonwealth.
- Unstructured information documenting correspondence, advice, planning activities, policies and procedures
- Structured information in business systems and databases
- Human resources and payroll data
- Transaction and workflow data
- Registers of assets
- Monitoring system data
- Audio/visual assets
3.2 Relevant legislation
Legislation impacting on the management of the Archives' information includes:
3.3 Relevant Whole-of-Government policies
Whole-of-Government policies and strategies impacting on the management of information include:
3.4 Relevant information management standards
The Archives is guided by national and international information management standards, particularly those endorsed by the Archives for Australian Government agencies. Key standards include:
Records Authorities authorising the management, retention and disposal of Archives information include:
Key general corporate governance frameworks and policy documents supporting the management of information include:
- The Risk Management Framework and Policy - highlights Archives officials' responsibilities for information management to support ongoing operations, provide evidence of business activities over time and document risk management activities.
- The Business Continuity Policy and Plan - provides a framework for the identification and development of actions to respond to and recover from disruptions to Critical Business Processes which have the potential to impact on the Archives' ability to meet its legislative and mandated obligations.
- The Archives Capability Framework - highlights the critical capabilities needed across Archives. This includes providing capability development around best practice digital information management.
- The Information Security Policy 2016 – forms the basis for establishing effective controls that protect the Archives' computing facilities, human resources and intellectual property.
4. Information Management Policy
To support this Framework, the 'Information Management Policy', identifies the Archives' commitment to implementing best practice information management to ensure the creation, management and protection of information as a vital corporate asset supporting ongoing business and providing evidence of business activities over time. It also informs and guides staff on the:
- legal, regulatory and business context within which the Archives operates. This includes applicable legislation, policies, business requirements and standards that apply to the management of information
- types of information that need to be created, captured, shared and managed to support business and legal requirements
- use of information management systems for the creation, capture, protection, security, accessibility and storage of the Archives' corporate information.
5. Information Management Strategies
All information management strategies are consistent with National Archives guidance. The following strategies, policies and plans complement the Framework and provide accountability and guidance for information governance:
- Completion of annual agency survey reporting for the whole of Australian Government.
- 'Digital Continuity 2020 Implementation Plan' – forms part of the Archives' strategy to implement the recommended actions of the 'Digital Continuity 2020 Policy' for digital information management. The Archives will achieve policy targets by the due dates and will continue to integrate robust digital information management into all business processes. The Executive Board performs the role of the Information Governance Committee to guide strategies to meet the Policy requirements.
- 'Charter for Information Governance' – guides all staff to ensure information is managed appropriately to support organisational outcomes.
- 'Digital Continuity Strategy for the National Archives of Australia's Corporate Information and Records – July 2013' – sets out the responsibilities for Information Governance and ICT staff to manage digital information in accessible and useable formats for as long as required.
- 'National Preservation Plan 2014–2018' – sets out the responsibilities for Collection Management staff to preserve the archival resources of the Commonwealth in an accessible format for the longest period possible.
- Digital Preservation Policy – sets out the responsibilities for Archives' staff to ensure the long-term preservation and accessibility of the archival resources of the Commonwealth which were created or managed in a digital format.
- Risk mitigation strategies - the major area of risk to the Archives' information assets is information loss, either through accident or negligence or through malicious behavior. To reduce this risk, the Archives has compiled the following:
- 'High value and long term information risk registers' – records the location of all high risk, vital and important information related to both core business and administrative business.
- 'Information systems architecture register December 2017' – lists the Archives business systems, tracks their assessment using the checklist below and notes any information governance documents for each system.
- 'Information Management Functionality Checklist' – a validation tool used to assess all new business systems and existing systems undergoing significant changes. The checklist is based on the National Archives Business Systems Assessment Framework for assessing systems against the ISO 16175 Principles and Functional Requirements for Records in Electronic Office Environments and the Minimum Metadata Set.
- 'TEMPLATE – Information Management Functionality for Business Systems 2016' – sets out the method for documenting an information management plan for each system, if needed after assessment against the checklist above.
6. Archives' information systems
The Archives operates a number of information systems to meet its business needs, accountability requirements and stakeholder expectations.
- systems used for Archives' unique functions (eg RecordSearch, Digital Archives System)
- systems and databases used for administrative functions (eg FinanceOne for financial management, Aurion for human resources, e-Commerce for online payments).
To ensure that information in the Archives systems continues to meet these needs, the RkU and system business owners regularly assess systems using the 'Information Management Functionality Checklist' to ensure information management requirements are met.
Consistent with Digital Continuity 2020 Policy requirements, new systems will meet the 'Information Management Functionality Checklist' requirements. The checklist enables a risk-based approach to determine whether information management in the system is adequate or if there are any gaps that need to be addressed by implementing solutions. Based on the results of assessments, a plan is developed for managing information within each system and plans are placed on the 'Information Systems Architecture Register' to maintain oversight over time. The checklist also includes the minimum metadata set.
One of the primary information systems for the Archives is the Recordkeeping System (RkS), an instance of HPE Records Manager. It has a major role in managing the Archives' information as it meets the requirements of the international standard ISO 16175-2 and is configured for long term information storage in a controlled environment structured according to the Archives' business needs.
The RkS is used to manage unstructured information, such as documents, spreadsheets and emails generated by Archives staff. The RkS can also accept information exported from many other sources, where this is needed to aid our management of digital information.
- Digitised copies of paper source records
- Information from any business systems less suitable for long term storage or not meeting information management requirements.
Creation and maintenance of paper files is limited to only 'CLASSIFIED' information or in special circumstances as approved by the Chief Information Governance Officer. The Archives has a secure network and information system to support access examination but it has not been practical or necessary to extend this, to avoid a small number of paper files being created.
Some less controlled systems such as email inboxes and folders (Outlook and other email accounts), personal or shared network drives, external storage media, or temporary documents folders, are available to Archives staff to facilitate business activities or for reasonable personal use. These systems have limited controls and are not suitable for storing most business information. Archives' staff are required to file any useful information in the RkS or an approved business system and discouraged from using these systems other than to facilitate more immediate business activities.
7. Roles and Responsibilities
The Director-General of the National Archives of Australia (also the Chair of Archives' Information Governance Committee) is responsible for:
- the standard of information management within the Archives
- the efficient, effective and ethical use of information resources within the Archives
- authorising the Information Governance Framework and the Information Management Policy
- approving major reviews of information management capability and maturity, such as the Check-up Digital online assessment
- promoting compliance with the Archives' information management policies and procedures.
The Information Governance Committee (which comprises of members of the Executive Board) is responsible for:
- governance over information assets of the Archives, including frameworks, policies, processes, standards, roles and controls to meet regulatory, legal, risk and operational requirements
- monitor effectiveness of the Archives' information governance framework
- ensure coordination of the Archives' information governance reporting and external information audits and reviews
- identify who is responsible within the Archives for information assets identified in audit and review processes
- monitor information infrastructure according to the Archives' business information needs
- coordinate internal information reviews to identify information assets and their value, manage risk and compliance, and improve business processes
- ensure that the Archives' information is managed for its entire life in accordance with risk, including risks associated with security, access, privacy, continuity, and cost
- ensure coordination of information standards implementation, for example, business systems functionality, metadata and interoperability capabilities
- ensuring the Archives meets its Digital Continuity 2020 Policy targets.
The Assistant Director General responsible for information management (Information Policy and Systems branch) shall:
- ensure that the Archives information management practices comply with its obligations and responsibilities as an Australian Government agency
The Chief Information Governance Officer shall:
- be accountable for enterprise-wide governance of information assets to break down silos and create new opportunities to deliver better business outcomes
- report to the Information Governance Committee on the governance of the organisation's information assets, including the Archival Collection
- establish the culture for a more accountable and business-focused information management environment
- represent the Archives for whole-of-government information initiatives, such as implementing standards, information and system interoperability
- other strategic, engagement, promotional and technical responsibilities as outlined in the CIGO responsibilities outlined by the Archives
- develop strategies to ensure the Archives establishes itself as an exemplar site of information management
- oversee, support and review the functionality of the Archives' information management system(s)
- approve the destruction of Archives' business information, with concurrence from relevant business owners across the Archives
Assistant Director, Information Governance (operating under the supervision of the Chief Information Governance Officer) shall:
- develop, maintain and review this Framework, and the supporting policy, guidelines and procedures for the consistent management of Archives' information
- maintain and monitor the Archives' Records Authorities
- provide input and advice on the functionality and compliance of agency's business systems
- co-ordinate the delivery of information management training and advice to all staff
- liaise with internal and external stakeholders on information management issues
- provide secretariat to the Information Governance Committee.
Staff in the Information Governance Section (operating under the supervision of the Chief Information Governance Officer) shall:
- promote the Archives' information management policies and procedures to all staff
- monitor staff compliance with the information management principles, policies and procedures
- deliver information management training and advice to all staff
- ensure that business information is kept for as long as required
- inform and assist ICT to develop solutions for better use of information during business processes.
ICT staff, including system administrators shall:
- ensure that technologies are developed and implemented efficiently and that they support information management principles and strategies outlined in this document
- provide Information Technology support
- promote accessibility, usability and interoperability of the Archives' business systems.
All managers and supervisors shall:
- monitor staff under their supervision to ensure that they understand and comply with the Archives' information management principles, policies and procedures
- support and foster a culture within their workgroup that promotes good information management practices.
All employees of the Archives shall:
- understand the information management obligations and responsibilities that relate to their position
- adhere to organisational policies, procedures and standards in keeping information documenting their daily work, and specifically create and capture information into approved information management system(s) for the following business activities:
- approval or authorisation
- guidance, advice or direction
- information relating to projects or activities being undertaken
- formal business communications between staff and external recipients
- formal business communications between staff
- not destroy business information, regardless of format, that is evidence of business activities unless approved by the Information Governance Section.
This Framework will be reviewed every two years from the date of approval, unless required earlier.
National Archives of Australia
19 December 2016