These actions are part of the Digital Continuity Plan and are aimed at achieving the digital continuity outcomes. The other two parts are Focus on the business and Focus on the people, processes and technology.
To ensure that digital information remains accessible, usable and secure over its lifetime, it needs to be actively managed from creation to deletion.
For digital information to be considered authentic and reliable, it must be available and usable in context. Digital content should not be kept without contextual information on when it was created, who created it or why it was created. Metadata provides the context for digital information that allows it to be accessed, used and re-used.
A significant proportion of metadata can be generated automatically by systems or through specialised work processes. However, users or creators of information may need to assign some metadata themselves.
Metadata must remain associated and managed with the information it describes for the life of the information. Metadata may be changed or added to as the status of the information changes.
To assist with continued access to digital information it is important to consider the formats that are used to manage digital information. For example, formats that are likely to become obsolete, are not widely supported or require proprietary software for access pose risks to the usability of information. Immediate business requirements and long-term uses of the information should determine the appropriate technical solution.
You should explore all technical solutions to determine what best suits your business needs. For example, it is important to consider the number of different file formats that you are using for digital information and determine if these are sustainable.
It is important to understand the systems used to create, maintain and read digital information, as this will help your agency to decide what systems it needs to access current, past and future digital information.
When digital information needs to be exchanged with other agencies or shared with the community, or transferred or migrated to other systems within your agency, it will be important that the business context, processes, systems and standards used to create, maintain and interpret the digital information are understood.
The Australian Government Interoperability Framework (pdf, 2.4mb) documents the methods for digital information interchange among agencies and systems.
Digital information is vulnerable during times of change, and it is important to consider the impact of any changes – for example staff turnover (recruitment and loss); amalgamation and separation of agencies; increase or decrease in responsibilities; or the introduction or update of IT systems – on digital information.
The Australian Public Service Commission, the Department of Finance and Deregulation, and the Department of Education, Employment and Workplace Relations, in consultation with the Department of the Prime Minister and Cabinet and the National Archives, have produced a good practice guide entitled Implementing Machinery of Government Changes.
The National Archives provides advice on the records management requirements as a result of machinery of government changes.
The Defence Signals Directorate also provides guidance on change management and security of systems in its Information Security Manual.
A regime of ongoing checks of information is necessary, particularly following change, to ensure that any issues affecting the usefulness of information are identified in a timely manner and corrective action is taken.
Regular, automatic integrity checks should be performed to ensure that information has not been inadvertently changed. This should be included in tests of your business continuity plan. When information is converted to new formats, it is recommended that a manual comparison of a sample of the information be carried out.
The General Records Authority 31: Source (including original) records after they have been copied, converted or migrated (GRA 31) provides more information on quality assurance measures.
E-government requires more responsive, comprehensive and integrated government operations and service delivery. An underlying assumption is that information that is received or provided digitally in the course of e-government operations will be processed and managed digitally throughout its useful life. Agencies need to ensure that processes, systems and tools can manage digital information effectively for as long as the information is needed.
This might involve:
Effective digital continuity includes disposing of digital information when it is no longer needed. The larger the volume of digital information that is kept, the more difficult it will be to access relevant information when it is needed. There are avoidable risks associated with keeping information longer than required. This may include inappropriate disclosure, and legal discovery or FOI requests.
Permission to keep, destroy or transfer Commonwealth records to the National Archives is provided through records authorities issued by the Archives under the Archives Act 1983. For practical purposes, all information created, sent and received in the course of carrying out the business of your agency should be considered a Commonwealth record.
Records authorities are legal documents that indicate how long records need to be kept. Your agency should have an ongoing program to dispose of information using appropriate records authorities.
Under the normal administrative practice provision of the Archives Act, records that are duplicates, unimportant or of a short-term and facilitative nature can be destroyed.
Agency-specific or general legislation may direct that a particular action be taken for some information or records.
Destroying digital information is often not easy. 'Deletion' does not equal 'destruction': with some effort, digital information can be recovered after deletion. This needs to be accounted for in digital information management policy and practices and a risk assessment should be carried out.
There is a detailed process for destroying records identified by the risk assessment as needing to be securely and completely destroyed. Specific advice on sanitisation and destruction is available from the Defence Signals Directorate Information Security Manual.