Case Study – Department of Immigration and Border Protection

A case study for the assessment of systems against ISO 16175

Summary

An ongoing project embeds the international standard OS16175 for creating and managing digital information in office environments and includes assessing and managing risk associate with non-compliant existing system. Benefits of this project include promotion of better information management practice and governance, and sharing insight with other agencies.

Agency overview

The Department of Immigration and Border Protection (DIBP) is committed to building Australia's future through the well-managed movement of people.

The diverse portfolio includes managing migration, humanitarian and citizenship policy and programmes. The department works to keep Australia secure through border management and facilitate travellers crossing the border. The organisation strives to make fair and reasonable decisions for people entering or leaving the country, ensuring compliance with Australia's immigration laws and integrity in decision-making. Every day the department helps people take the final step in their migration journey to become Australian citizens.

The department delivers services through offices in every Australian state and territory and in 52 posts outside Australia.

From 1 July 2015, the Department of Immigration and Border Protection and the Australian Customs and Border Protection Service will be consolidated into a single Department of Immigration and Border Protection, incorporating the operational enforcement arm, the Australian Border Force (ABF).

Introduction

The records management function within DIBP has been subject to various audits in the past five years. The last significant audit was the Records Management in the Australian Public Service, Audit Report No.53 2011-12. In this report, the ANAO identified three recommendations. Recommendation No.3, paragraph 3.37, recommends DIBP to:

  1. Identify electronic business systems which contain records and that need to need to be managed systems; and
  2. Address the use of individual electronic business systems to meet records management requirements, including their relationship with agency's core records management system.

In addition to the ANAO report recommendations, DIBP has commenced with the assessment of business systems against ISO 16175 to progress towards the recently announced Digital Continuity 2020 Policy. This policy sets out digital continuity targets for 2020. One of the targets set and endorsed by Senator George Brandis is:

  • All new business and ICT systems and tools will comply with International standard ISO 16175, Principles and Functional Requirements for records in Electronic Office Environment

Project objectives

The background and objective of the project is to embed ISO 16175 in the design and procurement of new departmental systems due to departmental recordkeeping policy.

The Department's Secretary's Instruction 4 – Recordkeeping and associated recordkeeping policy stipulates that any new system developed by business areas must identify all recordkeeping requirements and ensure adherence to legislative and statutory requirements of ISO 16175 Principles and Functional Requirements for records in Electronic Office Environment

Project execution

To commence work addressing ANAO audit recommendation three (3) and progression towards the Digital Continuity 2020 Policy vision, Records Management commenced initial discussions with the Enterprise Architects as a starting point to raise awareness of the impact and benefits of the standard. As an implementation strategy, targeting new ICT business systems was the quickest and easiest way to ensure adoption of ISO 16175 within the department.

Discussions were held with Enterprise Architects (EAs) to raise their awareness of ISO 16175 and identify the critical reasons why ISO 16175 was being implemented and the advantages to DIBP once embedded within each system.

To facilitate the uptake of ISO 16175 by the EAs, Records Management developed two working papers that articulate the Recordkeeping Principles and Recordkeeping Requirements for the implementation and compliance of ISO16175. Both working papers were formally submitted to the Enterprise Architects Working Group (EAWG) for consideration as a formal document and body of work required for all new business systems within the department to be compliant with.

Early in 2013, in consultation with the National Archives of Australia (NAA) and other interdepartmental forums and discussions, Records Management developed an assessment tool for already implemented business systems to be rated against the standard. Records Management identified current business systems not compliant with ISO 16175 were a big risk to the department as identified in the ANAO report Records Management in the Australian Public Service.

In addition to assessing all new business systems, Records Management, in collaboration with business has commenced assessing business systems for compliance against ISO 16175. The first business system was the corporate recordkeeping system TRIM. The assessment identified areas of non-compliance and the Records Management section is working towards solutions and strategies to enable the system to become compliant in the near future.

Records management has also undertaken recent assessment of other business systems against the standard. These are:

  • ISR (Identity Services Repository – for checking client identify information)
  • IMtel (Integrated Management Intelligence System – departmental integrity/intelligence knowledge base)
  • CISNET (Country Information Services – for refugee decision making)
  • ICSE (Integrated Client Service Environment – for processing visa applications)

Based on information currently at hand, it is assumed that none of the above business systems will be compliant. Records Management is working with business to improve the rating to ensure that the systems are compliant or the risks associated with non-compliance are assessed and well-documented.

Records Management understands the importance and complexity of embedding ISO 16175 within the department and has allocated a full-time equivalent resource as part of BAU activities. This resource continues to develop the necessary stakeholder relationships, documents and tools to continue promoting and assessing business systems for compliance against ISO 16175.

Project outcomes

Records Management has realised the following benefits from the project:

  • Built a strong stakeholder relationship with ICT – permanent member on the Enterprise Architect Working Group, representing Records Management, to embed records management standards and best practice into all EA decisions and actions
  • Promotion of better practice in information management and governance within DIBP
  • Development of draft assessment tools and documents to explain how to implement ISO 16175 within business systems
  • To share insight gained so far with NAA and interdepartmental contacts – to further develop and implement ISO 16175 assessment tools and documents.

Project impact

To date, these are only initial project outcomes and benefits for DIBP. It is anticipated that many more will be realised, once further work is conducted on business systems for compliance with ISO 16175.

Copyright National Archives of Australia 2017