Establishing an information governance committee
What is an information governance committee?
Your agency’s information governance committee is responsible for all information matters ranging from compliance, strategy and infrastructure to metadata standards and privacy. It requires key senior management buy-in and support from all relevant information specialist stakeholders such as those responsible for ICT, legal, business, information management, security, privacy, and freedom of information.
An information governance committee can be established as a board or a working group, or its responsibilities can be absorbed into an existing governance committee. Your agency is in the best position to set up a workable committee and determine where it sits in your organisational structure.
The committee will be more effective if it has a direct reporting line to your agency head and has the authority to plan and manage information matters holistically and strategically.
Refer to the sample terms of reference for an information governance committee for direction on how to set up an information committee.
Why establish an information governance committee?
Information governance relies on the strategic interaction between all key information stakeholders. An information governance committee provides your agency with a mechanism to develop a consistent, systematic and whole-of-agency approach to managing information.
What does an information governance committee do?
- Establish and review the effectiveness of your information governance framework, strategies, policies and architecture.
- Define, assign and coordinate information-related roles and responsibilities. By mapping out roles and responsibilities your agency will be in a better position to manage risks associated with information.
- Identify and mitigate information risks, including those associated with compliance, security, access, privacy, continuity, management and cost.
- Advise on resource allocation to manage information assets over their life, including infrastructure planning and management. This should be based on information costs and benefits.
- Approve business cases for the procurement of business systems to ensure they meet information needs and standards.
- Implement an information management workforce plan so appropriately skilled and specialised staff are available in your agency.
- Coordinate an information review. The information review process can be used as both a planning and a reporting tool, and can inform the committee whether information is being managed by the right people, in the right location, and for as long as it has value.
- Coordinate business system assessments to evaluate whether systems have the necessary functionality to manage business information needs and risks.
- Coordinate information governance reporting both internal and external to your agency, for example Check-up Digital.
- Prioritise and coordinate information management initiatives. For example, address whole-of-government information management initiatives such as Digital Continuity 2020 or the Information Publication Scheme.
- Identify new opportunities such as repurposing information and improving business processes for better information management and business outcomes.
Terms of reference for an information governance committee – sample only
Purpose and authority of the information governance committee
Outline the authority and responsibility of the committee so it can achieve agency-wide information governance. Note your agency needs to decide how the committee will work with functional areas such as information, data, ICT, freedom of information, security and legal.
The terms of reference for the information governance committee were approved by [x] on [x].
The information governance committee is responsible for the management of agency information and data, and coordinates agency information and data management frameworks, strategies and policies.
The role of the information governance committee is to:
- monitor effectiveness of the information governance framework, and all information strategy, policy and architecture documents
- coordinate agency information governance reporting and external information audits/reviews, for example, Check-up Digital
- identify who is responsible within the agency for information assets identified in audit and review processes
- develop an information management workforce plan, in conjunction with the Human Resources area
- plan, implement and monitor information infrastructure according to business information needs. For example, the committee will approve business systems procurement business cases to ensure they meet information needs and standards
- coordinate internal information reviews to identify information assets and their value, manage risk and compliance, and improve business processes
- ensure that agency information is managed for its entire life in accordance with risk, including risks associated with security, access, privacy, continuity, and cost
- provide interdepartmental liaison for whole-of-government information initiatives such as implementing standards, information and system interoperability
- coordinate information standards implementation, for example, business systems functionality, metadata and interoperability capabilities.
Extract your information principles from your existing framework or strategy documentation. If your agency does not have any guiding information principles, you may refer to the National Archives' success criteria for agencies in relation to the Digital Continuity 2020 Policy to help.
The committee is guided by the following information principles:
- All information we create is ready for re-use, is interoperable across the Commonwealth and is available and usable for as long as needed.
- All information is discoverable across our organisation by those with legitimate need.
- Our information is accurate, up to date and complete.
- Our governance mechanisms ensure that information management practices support good decision making, with integrity, accountability and transparency to deliver good business outcomes.
- Our systems protect information from unauthorised alteration, deletion or misuse.
- Our people understand and appreciate the value of information as an asset for the organisation and the Commonwealth, as the intellectual property of the nation and cultural heritage of our people.
Membership of the committee will depend on the size and complexity of your agency. Senior representation is required from all information, data and records stakeholders.
Membership of the committee may consist of the following:
- Chair: Senior executive responsible for information management, that is, the Chief Information Officer or equivalent responsible for information and data management
- Chief technology officer
- Senior legal officer
- Freedom of information manager
- Security advisor
- Senior representatives from business areas responsible for valuable information assets
- Senior corporate governance representative
Outline the frequency of committee meetings. This will depend on the size and complexity of your agency. Quarterly meetings are recommended as a minimum.
The committee will report to the agency head [quarterly].
Outline the committee's annual business plan which will indicate priorities and what it will do each year.
Secretariat support will be provided by the [x].