Information and data governance framework

24 February 2021

1. Overview

1.1 Purpose

This Framework has been developed to assist the National Archives of Australia (NAA) to strategically manage its information and data assets. It provides a basis for decisions and activities relating to our information and data assets. It aligns with the key standards, policies and strategies of the NAA and the Australian Government.

1.2 Scope

This Framework applies to all information, data and records managed by the NAA, including the archival resources of the Commonwealth, in all formats and locations.

Information and data assets created or maintained by the NAA generally fall within two categories:

  • corporate information and data assets in active or semi-active use, including archival management data (eg in RecordSearch), and
  • collection material comprised of information and data created by Commonwealth agencies and persons and selected as archival resources of the Commonwealth under the Archives Act 1983 to be preserved in perpetuity and used on demand.

All information and data assets are included in this Framework to ensure the NAA accountably meets its vision to be a world leading archive in this digital age.

1.3 Objectives

This Framework aims to:

  • affirm the NAA's commitment to effective governance and management for all its information and data assets, including the archival resources of the Commonwealth
  • clearly define the standards, expectations and responsibilities for managing information and data for all NAA's staff, and
  • ensure the NAA's information and data management practices meet its legal obligations, accountability requirements, business needs and stakeholders’ expectations.

2. Principles

The following principles will guide all staff in managing information and data at the NAA:

  • Information and data are central to the work of the NAA:
    • We are custodians of a large collection of government information and data assets.
    • We create valuable corporate information and data as part of managing this collection.
    • We use information and data to inform, implement, document and communicate our activities and decisions, promoting the ability to work cohesively as one Archives.
  • The NAA is the primary custodian of the archival resources of the Commonwealth for the Australian people:
    • We define our vision for the collection, both digital and analogue, and create our policies, plans and processes to realise this vision.
    • Decisions about the collection are made with a view of long-term preservation and accessibility to perform our obligations under the Archives Act 1983.
    • Decisions about collection assets are made to consider their full lifecycle at the NAA: from selection to custody, preservation and access. All relevant stakeholders will participate in the decision-making.
  • The NAA will fully implement the Information Management Standard for Australian Government. The Standard applies to any information and data created as part of the NAA's business activities, including as part of managing the archival resources of the Commonwealth.
  • Technology facilitates the creation and management of information and data assets, but information and data have a lifespan longer than the technology cycle. Data and information will be considered as a separate entity to technology and governed in accordance with its value and risk.
  • Working together across branches and sites is critical to the work of the NAA. To support this, the NAA will seek out tools to support staff to communicate and collaborate, promote information sharing, and break down siloes.
  • Information and data assets will be governed to promote

    This approach to governance will support business outcomes and ensure information and data are managed as a vital business asset.

    • usability as a valuable organisational asset,
    • accessibility through appropriate formats and metadata, and
    • interoperability as needed across systems and time.
  • The NAA's information and data are open by default unless there is a legal requirement (eg. Archives Act 1983) or a legitimate need to restrict access.
  • Our policies and plans for our information and data assets can be accomplished with the resources available.
  • We will have consistent collection and corporate information governance processes, in accordance with our plans and policies, while recognising that different locations are operating in different environments.

3. Roles and Responsibilities

All NAA staff Understand and carry out the information and data management requirements of their role

Where appropriate, perform collection management activities and make decisions affecting the collection that maintain its long-term integrity, consulting with other areas that may be affected by their decisions

Document their daily work, and save it in the right location in a way that can be found again, particularly:

  • approvals
  • guidance, direction or advice
  • information about work activities
  • internal and external communication
  • research

Ask for assistance from their supervisor or the Information Governance team if they have any questions about managing their information and data

All managers and supervisors Consider information and data management needs and risks when
  • decisions are made
  • technology or tools are selected, upgraded or decommissioned
  • projects initiated, and
  • processes established or reviewed.

Support staff so that they understand and follow all information and data management requirements of the NAA

Foster a team culture that works together on consistently managing our information and data

Model good information and data management practices

All Information &Technology staff Ensure that technologies and tools are developed and implemented to support effective and compliant information and data outcomes; liaise with the Information Governance team for advice and guidance

Enable the NAA to achieve its vision and goals through good technology decisions that consider information and data management needs and risks

Promote accessible, usable and interoperable business systems for the NAA

Information Governance team Proactively provide advice and guidance on information and data management when
  • decisions are made
  • technology or tools are selected, upgraded or decommissioned
  • projects initiated, and
  • processes established or reviewed.

Provide information and data management training options in different formats for NAA staff in all locations

Provide advice and guidance for NAA staff on all aspects of information and data management

Assistant Directors, Information Governance

Monitor compliance on information and data management requirements for the agency

Develop policies, guidelines and procedures to support good outcomes for the NAA's information and data assets

Provide input and advice on the information and data management functionality of NAA's systems

Provide secretariat to the Information Governance Committee, including quarterly reporting on information and data governance compliance

Chief Information Governance Officer (Member of the Information and Data Governance Committee) Be accountable for enterprise-wide governance of the NAA's information and data assets

Oversee the implementation of information and data standards and requirements at the NAA

Approve disposal of the NAA's corporate information and data assets, in accordance with the relevant records authorities

Ensure the NAA makes the best use of its tools and technologies to support good information and data outcomes

Engage with internal and external stakeholders to promote information and data governance at the NAA

Represent the NAA as a government agency on the development of information and data standards and policies across government

Assistant Directors-General Provide leadership in their Branches on information management needs and risks when decisions are made, technology or tools are selected, projects initiated, and processes established or reviewed
Chief Information Officer (Chair of the Informaiton and Data Governance Committee) Oversee the information and data governance function at the NAA, including any obligations and responsibilities as an Australian Government agency

Ensure information and data management functionality is a key factor in the NAA’s technology and software procurement processes

Represent the NAA as the exemplar agency in the Australian Government and as a strategic leader in information and data governance across the Australian Government, cross-jurisdictionally and internationally

Information and Data Governance Committee Ensure coordination of governance activities for information and data assets, including the development of frameworks, policies, controls and standards

Monitor effectiveness of information and data governance activities

Make strategic decisions in relation to NAA’s information and data assets

Director-General (member of the Information and Data Governance Committee) Provide oversight and direction for the overall standard of information and data governance and management in the NAA

Accountable for the efficient, effective and ethical management and use of information and data resources by the NAA

Authorise and approve strategic information and data management documents, reviews and reports

4. System Governance

Information and data are held in a number of information systems. These systems are governed to ensure the NAA meets its business needs, accountability requirements and stakeholder expectations.

These include:

  • systems used for NAA's unique functions: RecordSearch is the primary archival management system, and
  • systems for administrative functions: the Recordkeeping System (RkS) is our primary corporate information management system. It also acts as a collaboration and information sharing tool. The NAA will continue to improve and innovate how this system is implemented.

Systems and databases are

  • tracked and monitored using the Information Systems Architecture Register
  • assessed using the Information Management Functionality Checklist, and
  • strategically managed using Information Management Plans.

Regular monitoring and reporting to assure the integrity of the NAA's information and data assets will be strengthened as an important governance measure. Tools will be provided to business areas to quality assure our collection.

5. Strategies and Policies

IM_strategies

The following strategies and policies work together with the Framework and provide accountability and guidance for information and data governance:

  • Archives’ 2020 Strategic Plan – outlines the NAA's vision, mission and goals, including securing and preserving the archival resources of the Commonwealth.
  • Information and Technology Strategic Direction 2019-22 – provides the strategic and enabling services for the NAA's mission
  • The Archives Way – a set of cultural principles and behaviours that support and underpin our vision and mission 
  • CRS Policy Statement – identifies the Commonwealth Records Series (CRS) system as fundamental to organising the collection, recording and documenting its context, and controlling and managing collection assets
  • Archival Control Model – updates the CRS data model and describes how records will be defined, controlled and relationally descried within their context to inform the archival management systems adopted by the NAA in the future
  • Digital Preservation Policy – sets out the responsibilities for NAA staff to ensure the long-term preservation and accessibility of the archival resources of the Commonwealth which were created or managed in a digital format
  • Disposal of Records in National Archives’ Custody Following Digitisation Policy – outlines the framework for disposing of records of archival value in the NAA's custody following digitisation
  • Distributed Custody Policy – describes the NAA approach to management Commonwealth records of continuing value that are in the custody of an organisation other than the NAA
  • Policy for Transfer of Commonwealth Records into the National Archives of Australia’s Custody – sets out the circumstances under which official Commonwealth records or other material may be transferred from the custody of Australian Government agencies into the care of the NAA
  • Access Examination Policy – sets out the NAA policy for applying exemptions to information relating to the personal, business or professional affairs of any persons, in accordance with the provisions of the Archives Act 1983
  • Information and Data Management Policy – details the NAA's information management responsibilities, including systems, monitoring, legislation and standards
  • Cloud Information Governance Policy – sets out the information governance arrangements for information assets created, stored or managed through the use of cloud computing
  • Normal Administrative Practice (NAP) Policy – clarifies responsibilities and advises staff and contractors what information can be routinely destroyed in the course of normal business
  • Risk Management Policy – establishes expectations for how risk should be identified, assessed, documented and managed
  • Privacy Policy - outlines the NAA obligations for managing personal information in accordance with the Australian Privacy Principles (APPs) as specified in the Privacy Act 1988
  • Business Continuity Policy and Business Continuity Plan – provide a framework for the identification and development of actions to respond to and recover from disruptions to Critical Business Processes which have the potential to impact on the NAA's ability to meet its legislative and mandated obligations.
  • Information Security Policy – forms the basis for establishing effective controls that protect the NAA's computing facilities, human resources and intellectual property

6. Information and Data Governance Committee

The Director-General of the NAA, Chief Information Officer (Chair) and the Chief Information Governance Officer (CIGO), form the membership of the Information and Data Governance Committee (IDGC). The committee has formal responsibility for information and data governance oversight and coordination of the NAA’s information and data management frameworks, strategies and policies.

The Information and Data Governance Committee provides a quarterly report to inform the Executive Board of progress.

The Committee’s terms of reference and quarterly reports are available on the Infonet.

7. Implementation of the Information Management Standard

Implementing the Information Management Standard for Australian Government supports the NAA to create and maintain reliable and useable information and data. The following steps based on the standard's principles will support effective information management at the NAA:

  • Creating necessary business information, including documenting decisions and high level meetings.
  • Enabling ongoing use and re-use of data and information by making decisions and choosing approaches that put data and information at the centre.
  • Information systems will be procured, configured and developed to support the ongoing integrity of the data and information.
  • The currency and completeness of information will be indicated through descriptive metadata and other appropriate methods.
  • Information and data assets will be accountably disposed of, using existing policies and processes, and documenting the decisions and outcomes as required.

8. Risks

The major risks for NAA information and data assets are:

  • the unauthorised destruction of information and data (deliberately or inadvertently)
  • failure to identify, secure, protect, manage, transfer, store and preserve information and data of archival value
  • failure to provide access and collection control in accordance with legislative requirements
  • inability to transition to a digital environment with the capacity and capability to ingest, store, preserve, control and provide access to digital information.

Risk mitigation strategies include:

  • Information and Data Governance Committee – the committee has responsibility for strategic coordination and monitoring of governance of all NAA information and data assets. Secretariat is provided by the Information Governance section
  • Chief Information Governance Officer – this role supports the Information and Data Governance Committee and is accountable for enterprise-wide governance of NAA information and data assets
  • Information Systems Architecture Register – documents the NAA business systems and key information and data assets and identifies key system attributes
  • Information Management Functionality Checklist – a validation tool used to assess all new business systems and existing systems undergoing significant changes. The checklist is based on the NAA's Business Systems Assessment Framework and the Minimum Metadata Set.
  • Information Management Plans – outline the value of information and data assets and identify strategies to manage them over time according to their value in an accountable and transparent manner
  • Completing the NAA annual reporting survey to ensure the NAA is accountably meeting its information requirements

9. Environment

The NAA was established under the Archives Act 1983 (the Act). As an executive agency of the Australian Government, the NAA provides leadership in best-practice management of the official record of the Australian Government and ensures that Australian Government information of enduring significance is secured, preserved and available to government agencies, researchers and the community.

The NAA:

  • sets the information management standards that must be met by Australian Government agencies
  • authorises the appropriate destruction of Australian Government information of no enduring significance
  • manages Australian Government information of enduring significance as part of the national archival collection
  • preserves and secures the national archival collection
  • ensures that public access to the national archival collection is provided in accordance with the Act to the fullest extent, while taking proper account of privacy, security, confidentiality and public interest.

9.1 Relevant records authorities

  • National Archives of Australia Records Authority 2007/00576124
  • National Archives of Australia Records Authority 2010/00206866
  • Administrative Functions Disposal Authority (AFDA Express Version 2)
  • Cultural Collections Records Authority 2011/00275285
  • General Records Authority 26 – Advisory Bodies 2009/00815192
  • General Records Authority 31 – Destruction of source or original records after digitisation, conversion or migration 2015/00499297

9.2 Relevant standards

Relevant national and international information and data management standards and policies include:

9.3 Relevant Australian Government policies

Whole-of-Government policies and strategies impacting on the management of information and include:

9.4 Relevant legislation

Legislation impacting on the management of the NAA’s information and data includes:

  • Archives Act 1983
  • Australian Information Commissioner’s Act 2010
  • Crimes Act 1914
  • Evidence Act 1995
  • Electronic Transactions Act 1999
  • Freedom of Information Act 1982
  • Privacy Act 1988
  • Public Governance, Performance and Accountability Act 2013
  • Fair Work Act 2009
  • Public Service Act 1999
  • Archives Regulations
  • Public Service Regulations 1999
  • Australian Public Service Commissioner's Directions 2016
  • Privacy Regulation 2013
  • Electronic Transactions Regulations 2000

10. Review

This framework will be reviewed every two years from the date of approval, unless required earlier.

11. Authorisation

Approved by:

David Fricker
Director-General
National Archives of Australia

24 February 2021

Was this page helpful?
Please tell us why you selected 'Yes'
Please tell us why you selected 'No'