Establishing an information governance committee

Information governance relies on the strategic interaction between all key records, information and data stakeholders for managing information assets across an organisation.

An information governance committee provides your agency with a mechanism to develop a consistent, systematic and enterprise-wide approach to managing its information assets. It is responsible for enterprise-wide record, information and data matters, including:

  • compliance
  • strategy
  • infrastructure
  • metadata standards
  • privacy
  • support for data sharing

The National Archives established the role and responsibilities of an information governance committee through the Digital Continuity 2020 Policy.

The Building trust in the public record policy recognises the ongoing value of the committee to an organisation’s strategic information governance. Action 3 recommends that agencies review and update the roles and responsibilities of their information governance committee. This includes establishing an information governance committee if one does not exist.

Establishing an information governance committee or updating your existing committee’s roles and responsibilities will help your agency implement this new policy.

What an information governance committee does

  • Establish and review the effectiveness of your information governance framework, strategies, policies and architecture.
  • Coordinates internal and external information governance reporting, such as Check-up surveys.
  • Coordinates agency implementation of relevant information management initiatives, including whole-of-government policy such as the Building trust in the public record policy.
  • Coordinates information reviews. An information review can be used as a planning and reporting tool, and to assess whether information assets (records, information and data) are being managed by the right people, in the right place, and for as long as required.
  • Defines, assigns and or coordinates information and data roles and responsibilities. This helps your agency address information management risks.
  • Identifies and mitigates information asset risks, including risks associated with compliance, cybersecurity, access, privacy, business continuity, management and cost.
  • Works with your human resources team and key business areas to develop an information management workforce plan. This helps ensure your agency has appropriately skilled and specialised staff.
  • Advises on allocating resources to effectively manage information assets throughout their life for as long as they are needed. This may include using a cost-benefit analysis to plan technical infrastructure and its management.
  • Coordinates business system assessments to check if they meet information management requirements.
  • Approves business cases to procure business systems that meet information management requirements. Informs the development of processes for ensuring information management needs are appropriately addressed when new or upgraded systems are implemented.
  • Identifies opportunities to improve information management, such as streamlining business processes or the sharing and reuse of information and data.
  • Addresses high-level information asset issues that cannot be resolved by a working group or individual business areas.

Establishing an information governance committee

An information governance committee can be established:

  • as a board
  • as a working group
  • by accountably absorbing responsibilities into existing governance committees.

The committee is most effective when it:

  • is chaired by a senior executive responsible for information management, such as the chief information governance officer (CIGO)
  • reports directly to your agency head or established senior forums
  • has the authority to plan and manage record, information and data matters holistically and strategically.

Establishing an information governance committee requires commitment from senior managers and key internal information and data stakeholders, including staff responsible for:

  • information and communications technology (ICT)
  • legal
  • business
  • information management
  • security
  • privacy
  • freedom of information.

Terms of reference for an information governance committee

Clear terms of reference will help your agency establish its information governance committee and define its role and responsibilities. Your terms of reference for an information governance committee may include some or all of the following.

Purpose and authority

Use this section to outline the authority and responsibilities of the committee so it can achieve enterprise-wide information governance.

Include how the committee will work with business areas such as ICT, legal, business, information management, security, privacy and freedom of information.

Example text

The terms of reference for the information governance committee were approved by [name] on [date].

Scope

Use this section to describe the scope of the committee’s role. Describe how the committee aligns with your agency’s broader governance structure.

Example text

The information governance committee is responsible for enterprise-wide management of our agency’s information assets (records, information and data). It coordinates our agency’s information and data management frameworks, strategies and policies. The committee forms part of our agency’s enterprise wide governance structure [insert relevant detail].

Committee functions

Use this section to outline the key responsibilities of the information governance committee.

Example text

The committee supports our agency’s information management strategy by:

  • monitoring the effectiveness of the information governance framework and all information and data strategy, policy and architecture documents
  • coordinating information governance reporting and external information and data audits and reviews
  • developing and implementing an information management workforce plan
  • ensuring that enterprise-wide records, information and data are managed throughout their lifecycle. This includes addressing key risks associated with cybersecurity, access, privacy, business continuity and cost.

The committee supports best-practice information management across our agency by:

  • coordinating the implementation of information and data standards. This includes standards for specific business systems, metadata best practice and building interoperability capability
  • coordinating internal information reviews to identify information assets of value, manage risk and compliance, and improve business processes
  • identifying and mapping the business owners responsible for valuable information assets.

The committee supports our agency’s information management engagement by:

  • acting as interdepartmental liaison for whole-of-government information and data initiatives including informing and supporting implementation where relevant of standards, interoperability and data sharing.

The committee supports enterprise-wide information management technologies by:

  • planning, implementing and monitoring information infrastructure according to business needs. Where applicable this includes approving business system assessments to ensure appropriate information management functionality or informing procurement processes for business systems
  • advising on resource requirements for information infrastructure
  • resolving enterprise-wide information management issues that cannot be resolved by working groups or individual business areas.

Guiding principles

Include the information principles from your agency’s existing framework or strategy documentation.

If your agency does not yet have guiding information principles, refer to the sections marked ‘what success looks like’ in the Building trust in the public record policy.

Example text

The committee is guided by the following principles:

  • Our information assets are ready for re-use, interoperable across the Australian Government, and available and usable for as long as needed.
  • Our information assets are discoverable across our organisation by those with legitimate need.
  • Our information assets are accurate, up to date and complete.
  • Our governance mechanisms ensure that information management decisions are made with integrity, accountability and transparency, and deliver good business outcomes.
  • Our systems protect information assets from unauthorised alteration, deletion or misuse.
  • Our people understand and appreciate the value of information as an asset for the organisation and government, the intellectual property of the nation, and the cultural heritage of our people.

Membership

List the members of the committee.

Membership will depend on the size and complexity of your agency. However, senior representation should include key record, information and data stakeholders.

Example committee membership

  • Chair: Chief information governance officer (CIGO) or equivalent
  • Chief technology officer
  • Senior legal officer
  • Freedom of information manager
  • Security advisor
  • Senior representatives from business areas responsible for valuable information assets
  • Senior corporate governance representative
  • Senior records and information managers
  • Enterprise data representatives responsible for evaluating and implementing enterprise-wide data management practices, such as business intelligence and data dictionaries
  • Data trustee and data steward representatives responsible for decisions on information assets

Meeting schedule

Specify how often the committee meets.

This will depend on the size and complexity of your agency. A quarterly meeting is recommended as a minimum.

Reporting

Describe how and when the committee will report to senior management.

Example text

The committee will report to the agency head or nominated senior forum quarterly.

Meeting minutes will be published on the Information Governance Committee intranet webpage within two weeks of each meeting.

Business plan

Outline the committee's annual business plan, including priorities and what it will do each year. The committee will also need flexibility in being able to respond to current and emerging strategic information management issues as they may arise.

Secretariat

Specify who will provide secretariat support for the committee.