Advances in technology have ensured that it is now easy to create, replicate and share digital images. However, these images generally take up a lot of storage space are more susceptible to abuse or human error. Therefore it is important to carefully address issues regarding the capture, management and disposal of digital images, particularly if they are to be used for evidentiary purposes.
Codes of best practice are industry standards which codify and describe best practice, and are a benchmark for measuring processes, practices and systems. They underpin and support mandatory requirements in standards issued by State Records NSW. They provide further information about processes, practices or systems and will assist a public office in understanding and implementing requirements contained in the standards. Codes of best practice are not designed for a formal auditing framework. Nonetheless, failure to comply with a code of best practice would leave a public office open to criticism in an investigation where recordkeeping practices were an issue.
State Records NSW recognises the challenges of managing vast quantities of records, information and data in the current environment of increased cyber risks and an ever-changing technology landscape.
The minimum compliance requirements 2.2 and 2.3 of the Standard on Records Management direct public offices to strategically focus on high-value and high-risk areas of business. These requirements ensure that:
- records, information and data required as State archives and/or of high-value and high-risk are prioritised, protected and managed
- records and information management is a designed component of the most valuable and critical information and systems
- records and information management strategies and initiatives align with the organisation's critical business priorities
- resources (time, money and staff) invested/allocated are proportionate to the business value of the records, information and data.
This approach to identifying and prioritising records of high-value and high-risk also matches up with the approaches taken by cyber security to protect the most critical information assets of the organisation.
How records and information management techniques and skills can contribute to information security objectives
This advice examines how the work you are already required to do as part of the management of your records management program can be used to meet information security objectives, including compliance with the Australian Standard AS/NZS ISO/IEC 27002:2006 Information Technology – Security Techniques – Code of Practice for Information Security Management.
Information security is the preservation of the confidentiality, integrity and availability of information. This page answers a number of questions about information security in relation to records and information management.
Information is an essential and valuable asset to government business.
Information Management (IM) is the ‘planning, collection, control, distribution and exploitation of information resources within an organisation, including systems development, and disposal or long-term preservation’ (AS ISO 5127:2017, section 188.8.131.52).
It involves planning, designing, and implementing effective processes, governance, and infrastructure to manage information throughout its lifecycle (creation, management, use/re-use, destruction or preservation).
The purpose of this section is to outline considerations that should be taken into account when deciding whether to conduct your back-capture digitisation project in-house or outsource it to a service provider.