An information management strategy is a key strategic document that will help align information management practices to meet the requirements of an information governance framework. An information management strategy describes your agency’s planned approach to information management to meet current and future organisational needs and regulatory requirements.
The strategy sets out a plan for continual improvement. It describes what the agency aims to achieve in its information management practices and summarises the actions needed to achieve its aims in accordance with the principles and context outlined in the agency’s information governance framework. It assigns responsibility for the actions. The strategy:
- describes the current status of information management in the agency, highlighting strengths and weaknesses and the direction for improvement
- identifies short-term, medium-term and long-term goals for information management to build on strengths, mitigate risks and address weaknesses
- outlines measurable tasks or actions needed to achieve these goals in a corporately endorsed plan and timeframe
- provides a basis for planning and acquiring information management resources needed to meet organisational targets, including funding, staffing and technical systems
- highlights where consultation and interaction is required such as with ICT, security and business areas, and senior management
- documents who will be responsible for ensuring that the strategies are implemented and progress is reported.
Information management strategy – template
This template provides a useful guide to the key aspects and components to include in an agency information management strategy. Sample text to include in the strategy is indented.
Date and version number
Explain that the strategy outlines information management strengths and weaknesses, and plans for future improvement, and why this is needed within the context of your agency. Link the strategy to the general corporate strategic direction and describe how the planned strategy will support business and strategic priorities.
Effective governance and the achievement of corporate and business priorities depends on [the agency’s] capacity to manage information effectively. [The agency’s] strategy supports continual improvement in our information management practices. It identifies strengths and weaknesses and outlines plans for building on our strengths and addressing weaknesses. This includes, but is not limited to, consideration of appropriate systems to support our information management needs into the future. It is based on an analysis of our current information management status and establishes a plan for future progress.
The strategy will ensure that information management supports our corporate plan and priorities [include specific corporate priorities if appropriate].
Information is an agency asset. This strategy aims to ensure that our practices result in information that support business and satisfy our legal and stakeholder requirements.
Statement about the strategic direction
Describe what the agency is aiming to achieve in its information management, and the timeframe within which improvement is to be achieved. This will be influenced by the current status of information management, and by the environment within which the agency operates (which should be set out in the framework). This statement does not include detail about strengths and weaknesses. These are addressed later.
Our agency intends to be fully digital by 2015. By 2020 [the agency] aims to achieve an information management program which is fully integrated into our agency’s information governance framework. Our information systems and structures will withstand external scrutiny and will help to reduce organisational risks. Information will be an organisational asset, readily located and accessed by staff who need the right information at the right time.
Barriers to achieving these strategic aims will be identified in ongoing reviews. Some current challenges are detailed below. [Mention any overarching imperative for change. There may be none for your agency beyond that of continual improvement to achieve accountable information management that supports staff in conducting the business of the agency. Other examples might include the need to meet government policies or expectations such as digital transition, or addressing particular issues that have been raised in Australian National Audit Office reports, or other vulnerabilities or risks that have been identified that need urgent attention.]
Strengths and weaknesses
Describe the strengths and weakness in current information management practices in the agency that affect the ability of information to support core or unique business and to comply with whole-of-government requirements. Your agency's Check-up Digital results will be useful.
Examples of strengths could include:
- a good corporate culture with staff who understand their obligations, regard information as corporate assets and comply with procedures and policies
- up-to-date records authority coverage of all core business of the agency, and regular sentencing and disposal of information
- a well-planned systems architecture which supports sharing and re-use of information, avoids silos or unnecessary duplication of information, and seamlessly supports agency business.
Examples of weaknesses, or areas for further improvement, could include:
- staff are reluctant to use endorsed locations such as the corporate information management system
- there is a proliferation of individual systems holding information, with duplicate information across a multitude of systems and difficulty in finding and accessing all relevant information when it is needed
- information in business systems have not been identified and appropriate management needs have not been assessed
- high risk information held in business systems with limited information management functionality and no ability to export to, or integrate with, an information management system
- there are large holdings of legacy information which should have been destroyed
- there is continued reliance on printing digital information to paper for storage and maintenance.
Actions needed to meet short-term, medium-term and long-term goals
List actions that need to be taken and include a timeframe within which each action is to be completed. Major actions will fall within your agency’s project management framework while others can be undertaken as a part of normal business. Actions that need to be taken will depend on the weaknesses you have identified above. Examples might include the following:
- To ensure agency-wide use of endorsed information management systems, training and support in the use of the systems will be provided to all staff by [20XX] and will be offered annually after that. Use of shared drives will be withdrawn by [20XX]. Responsible area: information management unit, ICT area.
- By December 31 2016 all current business systems will be assessed to identify what information they hold and what information management functionality they require. By [20XX], information in all business systems will receive a level of protection appropriate to their value. Proposals for acquisition of new systems that create or keep information will require an information-impact statement that sets out what information will be created and how it is proposed that they will be managed. Responsible area: information management unit, ICT area, software business owners.
- An information review will be undertaken by [6 months prior to assessment of all current business systems] to identify high-risk information and to ensure they are receiving appropriate levels of management. Responsible area: information management unit, ICT area, relevant business areas.
- By [20XX, xxx metres] of paper records will be sentenced and appropriately disposed. By 2016 no new paper files will be created other than for classified material or other exceptions as outlined in our information management policy. Digital information in our information management systems will be sentenced and appropriately disposed, ongoing from [20XX]. Responsible area: information management unit, ICT area.
Other actions that might be relevant are:
- using Check-up Digital to develop a model of continuous improvement
- surveying agency practices to determine compliance against whole-of-government legislation and expectations such as the Digital Transition Policy, privacy and freedom of information or the Australian Government Protective Security Policy Framework (PSPF)
- assessing to what extent the agency adheres to the National Archives of Australia’s Digital Continuity 2020 principles and creating a project plan to redress any areas that need improvement
Identify who is responsible for leading and monitoring the overall strategic direction of agency information management as well as who has responsibility for implementing individual actions.
Periodic reports should be made to senior management on progress in achieving information management strategies.
Evaluate and review the strategy at regular intervals to ensure it is still appropriate, that expected progress is occurring and, if not, determine what the barriers are. Reviews should also be undertaken after significant changes such as restructure or changes in the regulatory environment.
Senior management endorsement
Provide evidence that the CEO or senior manager with responsibility for information management has endorsed the strategy. This may be done in a brief paragraph signed by the CEO or senior manager recognising the important place of information in the agency and setting an expectation that staff will support the strategy.