Shared systems between government agencies
Sharing information between government agencies is becoming more common. It often involves the use of shared databases, servers and web portals.
All information created, sent and received as Australian Government business is a record and should be managed. This applies to information and records retained in shared systems.
The following advice provides guidance on how information and records management can be performed by government agencies using shared systems.
What are shared systems?
Shared systems are IT systems in which one or more agency or organisation can:
- create or manipulate information (enter, update or edit data)
- maintain the system (manage the technology and records of its operations)
Shared systems allow a number of government agencies to share information and can span different jurisdictions (federal, state and local government). Private organisations or members of the public can also be parties to a shared system.
Some examples of shared systems used by Australian Government agencies include:
- web portals that provide a single entry point for related services, information and websites
- shared data repositories, such as databases or servers
- email forums or discussion lists hosted by agencies
Shared systems generate two distinct sets of information and records:
- information and records of transactions between parties, referred to as 'business records'
- information and records about the operation and maintenance of the system, referred to as 'system records'
Owning a shared system
If your agency is the owner of a shared system, you need a policy for the management of records within that system. This way, your agency (the owner) is able to account for the operation and reliability of the shared system.
Appoint a manager for system records to ensure that sufficient evidence of system operations is generated and captured. The manager also needs to consider the retention and disposal of these system records.
Good management of user access and system security is essential to protect information within shared systems from unauthorised access and modification.
Responsibilities for shared systems
Requirements of shared systems need to be considered within the framework of your agency's information and records management policy.
Agencies using shared systems should be clear on the boundaries of the shared system and the resulting information and records they need to keep.
Where two or more parties share information or manage a system consider the following questions about responsibilities for information and records management:
- who owns the system?
- who is responsible for managing the system?
- who is responsible for the records produced within the system?
- who is responsible for managing the records produced within the system?
- what responsibilities do users of the system have?
- what records need to be created in the system, and how should they be created?