Information is an essential and valuable asset to government business.
Information can come from various sources such as:
- Records created, captured, and managed by your organisation
- Raw and/or analysed data
- Intranet content
- Web, libraries, and research companies, etc.
- Information and data purchased/provided by vendors/suppliers, etc.
Most of the information found in your organisation can also be classified as records.
Back to topWhat is information management?
Information Management (IM) is the ‘planning, collection, control, distribution and exploitation of information resources within an organisation, including systems development, and disposal or long-term preservation’ (AS ISO 5127:2017, section 3.2.1.23).
It involves planning, designing, and implementing effective processes, governance, and infrastructure to manage information throughout its lifecycle (creation, management, use/re-use, destruction or preservation).
Back to topBenefits of effective information management
There are many benefits to having effective information management such as:
- Enables organisations to have quality information, i.e. information that is meaningful, reliable, trustworthy, and usable.
- Ensures timely and efficient identification and retrieval of records and information as needed, including in response to information requests from the public.
- Informs decisions made on systems and processes based on information value, risk, and costs.
- Facilitates improved business analysis and decision making, both strategic and operations.
Information management and the State Records Act
The State Records Act 1998 requires NSW public offices to:
“make and keep full accurate records of the activities of the office” (Section 12.1)
Establishing good information management processes, governance, and systems/infrastructure will assist the organisation to meet this important obligation in the Act. It ensures that the organisation creates, captures, and manages records which are reliable, useable, and trustworthy.
Back to topApproaches/strategies for implementing information management
1. Big picture planning
The NSW Government's Information Management Framework is a useful starting point when implementing information management. Use the framework to:
- Strategically plan and manage records and information as an asset and enabler of digital transformation
- Review current business operations, initiatives, priorities, strengths, and challenges
- Drive information access and sharing across government and with the community.
2. Collaborate
Collaborate with all business units including governance, compliance, risk management, ICT, and legal. Consider their information requirements and strategic planning for short, medium, and long term goals.
Recognise the needs of external stakeholders including other government organisations, clients, and the community.
Consider:
- What records do you need to create, capture, manage and make accessible?
- What data and information do you need to support your operations?
- What data and information do you need to produce or make available?
- How can your users and customers access the required information? Is it easily identifiable and accessible?
- Does it meet the user and customer’s needs?
- Is it used and managed in accordance with regulatory requirements and community expectations?
3. Adopt an Information Governance approach
Information governance establishes an environment where:
- Policies are developed and implemented to guide and control how data, records and information are created, captured, managed, protected, used and/or accessed
- Information management roles and responsibilities are assigned
- Information management strategy and goals are set/quantified, measured, monitored, and audited
- Multi-disciplinary teams work together to determine the best course of action to solve records and information issues
- Business processes and procedures are in place to implement records and information management policies
- High-value and high-risk records and processes are identified and prioritised
- Resources can be mobilised to direct acceptable actions or solutions
- Recordkeeping and information requirements are considered as a whole.
For additional information and sources please see our guidance on Recordkeeping Requirements.
4. Risk-based approach
Recognise and examine all aspects of risk. Review risk registers, business continuity plans, information asset registers, etc. to establish and assess information risk.
Identify high-risk/high-value areas of business including systems, records, information, and data.
Public offices should ensure that costs associated with mitigating information risks in ICT infrastructure are justifiable and comparable to the values of the records and information.
5. Incorporate records and information management ‘by design’ approaches for services and systems
To allow for effective service and system design consider:
- Identifying requirements for records as evidence of transactions between your organisation and stakeholders
- Identifying requirements for the information lifecycle
- Recognise the specification requirements for
- procurement
- maintenance
- protection of information (ensuring that records and information cannot be altered or tamped with)
- monitoring
- storage
- migration
- prevention of deletion until authorised
- long-term preservation.
This will further provide opportunities for business and technology improvements.
Back to topSpecific responsibilities of records and information managers
Information management impacts on all areas of the business. There are multiple risk and transition points in which records and information managers should be involved, including:
System and process design
- Facilitate the specification of processes for creating, structuring and managing information according to business needs.
- Assist with the development, integration, migration of records and information, upgrading and decommissioning of systems, and with the transition to new systems and outsourced or cloud services.
- Implement training and support for users to understand, leverage and utilise business information.
Information sharing and risk
- Identify and address barriers to information sharing and re-use, within and between government agencies, with the public, and other stakeholders
- Support information and cyber security staff with the identification and implementation of information security requirements
- Identify information risks, and contribute to enterprise risk assessments.
Managing information for accountability and value
- Facilitate the identification of core information required to support business processes, and identify strategies for change management, legacy data management and long-term digital continuity
- Identify the necessary attributes of information integrity to support the organisation’s accountability requirements.