Developing an enterprise-wide information management strategy

What is an information management strategy?

An information management strategy is a key document to help your agency align its information management practices and meet the requirements of an information governance framework

The Building trust in the public record policy recommends that agencies create an enterprise-wide information management strategy (action 4).

An enterprise-wide information management strategy creates and supports a plan for continual information management improvement by:

  • describing the current state of information management in your agency, highlighting strengths, weaknesses and opportunities for improvement
  • identifying short, medium and long-term information management goals (including timeframes) that build on strengths, mitigate risks and address weaknesses.
  • outlining the tasks or actions needed to achieve these goals
  • providing a basis for planning and acquiring information management resources to meet organisational targets, including funding, staffing and technical systems
  • highlighting when you need to consult with senior management or business areas such as ICT or security
  • recording who is responsible for ensuring the strategy is implemented and progress is reported.

Things to include

Your strategy may focus on several different areas, including:

  • staff capability
  • information management systems and their requirements
  • interoperability maturity
  • transforming analogue processes to digital
  • managing legacy systems.

Interaction with other strategies

An enterprise-wide information management strategy complements other strategies, such as your agency’s:

You may have more than one information management strategy

Depending on your agency’s size, structure and information asset requirements, you can either:

  • have a single information management strategy for all information assets across the organisation
  • have separate but related strategies that work together to address enterprise-wide requirements.

Information management strategy template

The National Archives has developed an information management strategy template that agencies can customise for their own strategy document.

Download the information management strategy template (DOCX 160 KB)

Parts of an information management strategy

Your information management strategy may include some or all of the following.


Explain the purpose of your information management strategy.

Examples of purpose statements include:

  • The strategy outlines [the agency’s] information management strengths and weaknesses.
  • The strategy provides planning for future improvement.
  • The strategy explains why these plans are important within the context of [the agency].

Make sure you link the strategy to your agency’s strategic direction and describe how the strategy will support business and corporate priorities.

Strategic direction statement

Describe what the agency wants to achieve for its information asset management and the timeframe to do this.

This will be influenced by your agency’s current state of information management and its operational environment. Your agency’s information governance framework can provide details about its operational and regulatory environment.

Strategic direction statements may include:

  • By [year], [the agency] will develop an information management program to address [focus area] as a priority.
  • By [year], our agency’s information systems and structures will withstand external scrutiny and will help reduce organisational risks. Information will be an organisational asset, readily located and accessed by staff who need the right information at the right time.
  • [The agency] will address the recommendations of the recent Australian National Audit report [title] and provide a formal response by [year].

Strengths and weaknesses

Describe the strengths and weakness of your agency’s current information management practices.

These will affect how your information assets support core or unique business and comply with whole-of-government requirements. Your agency's Check-up results will be useful in developing this section.

Examples of strengths could include:

  • a good corporate culture with staff who understand their obligations, regard information as corporate asset and take responsibility for improving information management practices
  • up-to-date records authorities that cover all core and unique business functions and guide regular sentencing and disposal of information
  • a well-planned systems architecture that supports discovery and re-use of information, avoids silos and unnecessary duplication of information, and seamlessly supports agency business.

Examples of weaknesses or areas for improvement could include:

  • paper-based procedures still being used for businesses processes where a digital process could be used instead
  • siloed or ad hoc information asset management initiatives
  • high-risk information assets held in business systems that do not provide the functional requirements for information management
  • large holdings of legacy information that should have been destroyed or transferred to the National Archives
  • lack of clear standards for metadata. Creation and collection of metadata relies on ad hoc manual entry, resulting in compromised integrity and discoverability of information assets
  • siloed systems with duplicate information assets. Finding and accessing relevant information is difficult and time-consuming.

Strategy actions

List the actions your agency will take to achieve the intended outcomes of the information management strategy as well as the timeframe for each.

This does not include major actions that fall within your agency’s project management framework or actions as a part of normal business.

Actions listed in your strategy should address the weaknesses and areas for future improvement you have identified. Make sure to consider short, medium and long term goals.

Strategy actions might include:

  • Undertake a Data Interoperability Maturity Model assessment by [date]. Use the assessment results to start planning how to address the interoperability gaps identified.
  • By [date], start migrating high-risk information assets to ensure they can be managed, accessed and re-used for as long as needed. Prioritise information assets in formats or systems that are at risk of becoming obsolete.
  • By [date], perform an enterprise-wide information review focused on [a key risk such as a privacy impact or system obsolescence]. Recommend solutions to improve risk management.
  • By [date], all systems containing high-risk or high-value information assets will be assessed to see if they meet relevant requirements, standards and agency-endorsed criteria. This might cover preservation and storage capability, relevant metadata or reusability. Recommend solutions for systems that are not fit for purpose.
  • By [date], [number] digital and analogue information assets will be sentenced and appropriately disposed of. Secure resources for this project, which will help establish an approach for similar assets or a regular program of disposal activities.
  • Use [the agency’s] Check-up results to develop a process for continuous improvement.
  • Survey [the agency’s] existing practices to see if they comply against whole-of-government legislation and expectations such as privacy and freedom of information requirements and the Australian Government Protective Security Policy Framework.
  • Assess [the agency’s] implementation of the Building trust in the public record policy and prioritise its actions in accordance with business need and risk.
  • Planning to implement priority actions of the Building trust in the public record policy. Completing the policy internal progress-monitoring template (XLXS 76KB) can aid in planning and tracking progress, and help you achieve action 8 of the policy.
  • Assess [the agency’s] information management practices against the Information Management Standard for Australian Government.


Identify the senior positions who will lead and monitor the strategic direction of your agency’s information management practices.

You should also identify who will implement individual actions, although you might prefer to include this with the strategy actions in the previous section.


Outline when and how progress will be reported to senior management. Include the reporting line and the planned reporting period.

Reviewing your strategy

Outline when and how your agency will evaluate and review the strategy. This should be done at regular intervals to ensure:

  • strategy actions and aims are still relevant
  • work towards the strategy actions is progressing as expected
  • any barriers to achieving the strategy outcomes are identified and managed.

You should also review your information management strategy after significant changes to your agency. This might include an organisational restructure or changes in your regulatory environment.

Senior management endorsement

Provide evidence that your senior management has endorsed the strategy.

This can be a brief paragraph signed by the agency head or the chief information governance officer (CIGO). It should recognise the importance of information assets in the agency and set the expectation that staff will support the strategy.