Executive summary
The Building trust in the public record: managing information and data for government and community policy came into effect on 1 January 2021.
The policy identifies key requirements for managing Australian Government information assets (records, information and data).
It helps Australian Government agencies improve how they create, collect, manage and are able to use information assets.
The Australian Government relies on well managed information to better support, protect and serve the community. The policy complements and supports Australian Government agendas to:
- digitally transform Australian Government services
- protect Australian Government information assets
- maximise the use and re-use of Australian Government information assets.
Updated June 2023
The National Archives makes products and advice including templates available under the Resources – Public release schedule. These resources are meant to help agencies implement the policy. The resources are listed under each of the 17 actions.
Building trust in the public record: managing information and data for government and community (pdf, 3.2 MB)
Foreword
The Australian Government makes decisions which affect the daily lives of millions as it works to grow Australia’s economy, create jobs, support the Australian community and keep it safe.
Records of government decisions and actions are an essential source of information for effective and responsive service delivery. The duty to document does not cease as government embraces new ways of improving service delivery and interacting with the community, including applying advanced data analytics and communicating through social media platforms. For transparent and accountable government, records of decisions – including the reasons for those decisions – need to be made and kept. This may include keeping new forms of evidence, such as data code or algorithms.
The most significant records of the Australian Government are selected as its national archives. They tell the story of Australia and illustrate how the government affects, and is affected by, Australian society. They are preserved for government and community by the National Archives of Australia, and made accessible by the National Archives to be re-used for community benefit.
Australian Government records are a rich documentary source for historians and researchers. The recent COVID-19 pandemic has sparked interest in an earlier pandemic: the 1918 influenza ‘Spanish flu’. Patent records demonstrate the inventiveness of Australian minds, while records from both world wars show the community working together at home and overseas to defend our country and way of life.
These records also document the separation of families, from those displaced from their homelands during war to the Aboriginal and Torres Strait Islander children removed from family and country by past government policy. Records held by the National Archives of Australia are a source of personal memory and can be used to connect families to earlier generations.
Recent royal commissions reflect society’s desire to protect the vulnerable – from children to the aged. The Royal Commission into Institutional Responses to Child Sexual Abuse noted that poor recordkeeping practices pose serious risks to preventing, identifying and responding to child sexual abuse. Records are vital if we are to protect the vulnerable, have proof of rights and entitlements, evidence past injustices, provide redress as acknowledgement of past harm and, hopefully, contribute to healing and reconciliation.
This policy identifies key requirements and outlines actions to further improve how the Australian Government manages its records, information and data. I urge you to read it, share it, and put it into practice in your agency. This will ensure that the Australian Government, and the National Archives of Australia, continues to have a public record that can be trusted for all its current and future uses by government and community.
– David Fricker, Director-General, National Archives of Australia
Introduction
The Australian Public Service needs authentic, complete and reliable information to make evidence-based decisions, provide sound advice, develop good policy and deliver services and programs effectively. Community members need to be confident that the information they provide to government will be held securely, shared responsibly and made available as accurate proof of their entitlements when needed. Good information management is essential to building trust in the creation, collection and use of Australian Government information to meet the outcomes required by government and community.
When information is managed well, it:
- facilitates the day-to-day operations of the Australian Government, enabling it to create policy and provide services across its varied responsibilities, ranging from agriculture, defence and environment to immigration, public health and trade
- enables the Australian Government to be transparent, responsive and accountable to the community it serves
- is foundational to the Australian Government’s digital transformation agenda to improve government services to the community
- enables the Australian Government to support and protect the vulnerable, redress past injustices and reduce inequity within the community
- underpins the Australian Government’s social, scientific, medical, agricultural, and industry, research, projects and problem-solving
- is available as a resource for re-use by government and community to drive innovation, increase economic productivity and enhance social and cultural outcomes
- is preserved as evidence of the most significant interactions between the Australian Government and the community. These are kept as the national archives and form part of the history, identity and memory of the Australian nation.
Well-managed information is the result of planned, enterprise-wide management of information assets, technologies, processes and staff behaviours. Information needs to be managed well within individual agencies and across government as a whole.
The National Archives of Australia has run annual information management surveys since 2011. They indicate that, while good progress is being made across the Australian Government, there is still a need for improved information management capability to enable delivery on government objectives.
Terminology
This policy applies to Australian Government digital and non-digital records, information and data which are created, collected, received and kept as part of government business.
The policy uses the term ‘information asset’ to refer to records, information and data collectively and ‘information management’ to refer to their collective management.
Purpose
The purpose of this policy is to improve how Australian Government agencies create, collect, manage and are able to use information assets. Effective information management facilitates delivery on government objectives to better support, protect and serve the Australian community – now and in the future. Well-managed information also increases community trust in the public record of government.
The Archives Act 1983 sets obligations for the management of information assets for Australian Government agencies. It enables the National Archives to determine standards and provide advice as part of its oversight of Australian Government information management.
This policy identifies key requirements and actions for Australian Government agencies to build information management capability and address areas of lower performance. Meeting these requirements will ensure that the information assets of the Australian Government are created, kept and maintained effectively and efficiently. This will enable the long-term and sustainable use and re-use of government information.
In line with the National Archives’ previous policies, this policy supports a number of
whole-of-government agendas led by other agencies through its improvement of Australian Government information management. These agendas include Australian Public Service reform, data use and re-use, digital transformation of service delivery to the community, and building public trust in government.
The Building trust in the public record: managing information and data for government and community policy builds on the National Archives’ previous policies, Digital transition (2011) and Digital continuity 2020 (2015), to support agencies to effectively manage information assets.
The Australian Government has made considerable progress in transitioning to digital information management under these policies. This policy maintains the emphasis of previous policies on the necessity for robust information governance and fit-for-purpose information management. It enables continuous improvement in contemporary Australian Government information management, and highlights a requirement to reduce areas of information management inefficiency and risk.
This policy will apply from 1 January 2021 until 31 December 2025, unless the National Archives advises that it will extend it for a further specified period of time.
Who is this policy for?
This policy identifies key information management requirements for agency heads, who are accountable for information governance in their agency. It provides supporting actions and guidance for information managers responsible for its implementation.
It is vital that everyone who works for, or on behalf of, the Australian Government (including contractors, consultants and volunteers) understands their responsibility to manage information well.
This policy applies to non-corporate and corporate Commonwealth entities, and wholly owned companies including government business enterprises. These are collectively referred to as agencies.
Ultimately, this policy is for the community. It ensures government records, information and data are created, collected and managed effectively to serve the community and protect rights and entitlements. This includes the community’s right to access government information to understand the basis of government decisions and actions, as part of accountable democracy.
Role of the National Archives of Australia
This policy has been developed by the National Archives of Australia to enable continuous improvement in managing Australian Government information assets.
Under the Archives Act 1983, the National Archives:
- determines information management standards for Australian Government agencies
- ensures the Australian Government creates and keeps records of its decisions and actions to demonstrate accountability to the community and evidence the integrity of the operations of the Australian Public Service
- authorises destruction of information assets with no ongoing value to government or community
- selects and preserves the most significant records of the Australian Government and makes them available to government and community as a national resource to enrich and inform how we live today.
Other key agencies
Each Australian Government agency has a unique set of specific and whole-of-government requirements for the creation, management and use of information assets. These requirements include Australian Government agencies meeting their responsibilities to create, manage, preserve and retain information to meet the provisions of the Archives Act 1983 and are foundational to business productivity and government accountability.
The National Archives’ advice on, and standards for, the creation and management of Australian Government information assets complements and supports the work of other key information agencies.
The roles of other key agencies in the Australian Government information asset and digital environment are described in Appendix B.
They guide and assist the Australian Government’s management, use and re-use, of its information assets through policy and advice on:
- protective security, cybersecurity and protection of personal information
- whole-of-government and shared ICT and digital services
- improvement in performance management of Australian Government resources
- improvement in workforce digital and data capability
- giving effect to public rights of access under freedom of information legislation
- delivering quality statistical services and trusted data and statistics
- improving the Australian Government’s capability to maximise sharing of public sector data, and release of non-sensitive data, for use and re-use.
The Building trust in the public record policy provides an overarching framework for good information management practice. Data is an increasingly important type of information. It is a valuable resource and to unlock its full potential it must be managed well. Data management is a complementary discipline to records and information management. Within their unique operating environments agencies may have specific plans, policies and practices to manage and enhance the value of public sector data.
Each of the key information agencies, described in Appendix B, with the National Archives, have important roles in supporting Australian Government agencies to manage public sector data to enable its use and re-use. These roles include:
- developing public data policy to maximise data-sharing and release and to build public trust in government data
- optimising trusted access to, use, and re-use of public sector data
- ensuring its preservation and authenticity
- building technical infrastructure to support data use
- uplifting data capability though professionalisation of the Australian Public Service data workforce
- improving performance management of public sector data.
The National Archives has worked collaboratively with these agencies during the development of this policy to ensure consistency of Australian Government policy advice for managing information assets. The National Archives will continue to collaborate with key information agencies to promote aligned guidance and support on the management of Australian Government information assets.
Policy statement
Agencies will:
- manage information assets strategically with appropriate governance and reporting to meet current and future needs of government and community
- implement fit-for-purpose information management processes, practices and systems that meet identified needs for information asset creation, use and re-use
- reduce areas of information management inefficiency and risk to ensure public resources are managed effectively.
Managing information assets to enable trusted use by government and community
In 2017, the National Archives issued the Information management standard for Australian Government. This standard is consistent with the international and Australian standard AS ISO 15489.1:2017. The Information management standard for Australian Government sets out principles for the management of information to support agencies to meet business, government and community needs and expectations.
Relationship between this policy and the Information management standard for Australian Government
The requirements and actions outlined in this policy are consistent with the principles of the Information management standard for Australian Government.
Information assets should be managed to enable trusted use based on the 8 principles of the standard. They should be:
- Governed systematically
- Created accurately and completely
- Described so they can be found and understood
- Stored securely and preserved so they remain usable
- Kept for as long as needed by government and community
- Accountably destroyed when no longer needed
- Kept in fit-for-purpose systems and managed according to value and use
- Available for reliable use and re-use by government and community
The principles and recommended actions of the standard can be mapped against the statements and actions of this policy. Read more about the relationship between the standard and policy.
Why good information management is important
Contemporary information management is different from past practices. Digital technologies are constantly evolving, providing opportunities for more efficient ways of working. This can also lead to information management challenges.
Agencies today rarely create and organise their information assets centrally. Instead, they create and keep them in a variety of locations, onsite and cloud-based, using many formats, applications and systems. Over time, formats and systems become outdated and need active intervention to preserve the accessibility, authenticity and stability of content.
Information management is not an end in itself. Agencies risk basing their activities and decisions on incomplete and inaccurate information when information assets are poorly managed. Good information management maximises the value of an agency’s information assets by ensuring they can be found, used and shared to meet government and community needs.
Information assets are poorly managed when they are:
- inaccurate or incomplete
- without adequate description to establish their authenticity – for example, when their origin or context is unknown
- unnecessarily duplicated
- siloed in different systems where all needed information cannot be retrieved, or information cannot be exchanged
- vulnerable to unauthorised access, including security and data breaches
- unable to be accessed because they have been prematurely destroyed or stored in outdated technologies
- kept longer than necessary.
Poor information management increases the risk that agencies will:
- make bad business decisions
- compromise the rights and entitlements of members of the community
- enable the unauthorised release of sensitive information
- spend public money storing and managing information assets that are no longer needed
- endanger community trust in the government’s ability to manage and use information
- provide inefficient services to the community
- be unable to properly advise or report to the minister and other stakeholders.
Good management delivers trusted information assets that:
- provide a sound basis for defensible, evidence-based decisions and policies
- support rights and entitlements and government accountability
- mitigate business risk, including business continuity and reputational risks
- are a foundation for reliable research and findings
- enable innovation
- support strategic objectives and business outcomes
- can be used, shared and re-used responsibly and ethically
- are available for use now and in the future
- can be maximised in value as a government and community resource
- build community trust in government.
Improving information management performance
The National Archives’ annual Check-up surveys measure agencies’ progress in managing Australian Government information assets.
In the 2019 survey, the average score for overall information management capability was 3.25 out of 5. This indicates that improvement will still be required at the end of the Digital continuity 2020 policy.
The areas of lowest performance were governance, interoperability of data between systems, and sentencing (recording when information assets can be destroyed or transferred to the National Archives).
This policy identifies 3 key requirements for Australian Government agencies to address these capability gaps and improve their information management performance.
These key requirements are further described below.
1. Manage information assets strategically with appropriate governance and reporting
Effective governance ensures that information management is aligned with strategic objectives to improve business outcomes and mitigate risk. It includes looking over the horizon and having a vision of what information assets will be needed in the future and how to manage them to meet agency, government and community needs.
A strategic assessment of current and future needs for information, and a plan for how to manage information to meet those needs, should be documented and reported to senior management. Each agency will have business-specific needs for information, as well as the need to meet broader commitments to open, responsive and inclusive government.
It is important to identify and register information assets held by Australian Government agencies. Agencies should document their value to the business and other stakeholders, and include high-level management considerations such as sensitivities associated with the information. This results in known information assets that can be managed according to their value and made available appropriately for government and community use.
Good governance includes senior management support for building an organisational culture that respects the value of information assets to business and the community. Information management policies should have an accountability framework to ensure staff know and meet their responsibilities when creating and using information assets.
Information managers should report regularly to senior management on progress made in managing information assets. Internal reports should document:
- the risks of not following recommended practices for managing information assets
- the mitigation strategies in place for information management risks.
What success looks like
- Agencies have up-to-date governance arrangements covering all information assets.
- Agencies have an enterprise-wide, strategic approach to managing information assets to meet current and future needs. They identify areas of lower information management capability and performance, and have plans to redress them.
- Agencies identify information assets and register them where there is business value in doing so.
- Staff have the necessary skills and knowledge to manage information according to its value as a business and community asset. Plans are in place to address capability gaps, in particular for staff with specialist information management roles.
- Senior management visibly and proactively supports information management. There are internal structures for senior managers to engage with skilled information management professionals.
- Agencies report internally, on a regular basis, to monitor their information management progress. Risks of not following recommended practice, and mitigation strategies, are documented. Agencies assess their information capability progress annually through the National Archives’ survey tool – Check-up.
Case study: good information governance ensures that all obligations are known and met
In 2020, as the Australian Public Service responded to the COVID-19 pandemic, the Australian National Audit Office (ANAO) published insights based on lessons learned from previous audits relating to the rapid implementation of Australian Government initiatives (16 April 2020). The ANAO stressed the importance of balancing a focus on results with accountability for those results. It recommended creating and maintaining a ‘minimum standard of documentation relating to administrative processes and decisions’, including oral and digital communications, to assess if an agency is ‘fully meeting government objectives and discharging accountability and transparency obligations, including external reporting’.
2. Implement fit-for-purpose information management processes, practices and systems
Information management processes, practices and systems are fit-for-purpose when they meet identified needs for accurate information creation and use. Agencies need to assess what is ‘fit-for-purpose’ for their information needs. This should be based on:
- specific business needs to manage and use information
- the type of information, which can vary from case records relating to individuals, to large and dynamic datasets
- the value of the information
- other stakeholders who need to use the information
- special characteristics of the information, such as its sensitivity.
‘Fit-for-purpose’ will vary based on this assessment. For example, agencies will need some systems to share information and these systems will need the functionality to support interoperability. Other systems will not require this functionality as agencies will need them to be standalone to protect highly sensitive information from unauthorised use. Both systems are fit-for-purpose.
Members of the Australian community interact with the Australian Government throughout their lives. Individuals pay taxes, seek advice and make applications for citizenship, pensions, and other rights and entitlements. The community expects the government to create and keep records as evidence of these interactions to enable current and future rights and entitlements. Well managed records enable the government to provide responsive services to members of the community and this builds trust in how the government operates.
A priority for the Australian Government is to provide world-class, connected services tailored to business and community needs, with easier interactions with government. Accurate and reliable information assets are required to meet these outcomes and to inform decisions about how they can be achieved.
The ability to share and exchange data between systems, and reduce unnecessary data silos, is key to supporting connected services. This will also facilitate the government’s commitments to release and share data to maximise its use and re-use. Working towards interoperable information management systems with standardised descriptive information (metadata) across government, where practical, will create efficiencies for data exchange. It will also facilitate integration of datasets within and between agencies during times of administrative change.
Information assets typically have a life span beyond the initial technology in which they were created or delivered. They may need to be migrated across several systems during their period of use. Agencies need to plan ahead to preserve both the content of the information asset and information about its context. Context includes where it originated or who created it, when it was created and how it was used. Preservation of content and context is critical to ensuring continuity of government services and accountability.
What success looks like
- Agencies assess and meet information management needs when systems are purchased, designed or upgraded. Business systems, including whole-of-government systems, have appropriate functionality to manage information assets. This includes maintaining the availability and integrity of data.
- Information assets have adequate and standardised descriptive information (metadata) that facilitates business use and data-sharing. The content and context of data is known, can be verified and can be understood.
- Agencies assess interoperability maturity needed to exchange and share data, and address gaps.
- Agencies implement strategies, including digital preservation strategies, to ensure information assets are available and usable for as long as they are required.
- Agencies use sustainable digital file formats to ensure content is available for as long as it is needed.
Case study: fit-for-purpose records management should meet needs for the information
In 2017, the Royal Commission into Institutional Responses to Child Sexual Abuse reported on the consequences of poor records management for victims and survivors of child sexual abuse. It heard of many instances in which records were never created, contained inadequate content, were lost or destroyed, or were unable to be located. The Royal Commission noted that this caused survivors distress and that (early) loss or destruction could:
- ‘prevent the identification of perpetrators
- obscure institutional knowledge and responsibility
- leave survivors feeling their accounts are not believed and cannot be verified
- prevent or hinder redress and civil or criminal proceedings.’ (Final report: volume 8 – recordkeeping and information sharing, 2017:42)
3. Reduce areas of information management inefficiency and risk
There are areas of known inefficiency and potential risk in the way some Australian Government information assets are currently managed. These include:
- information assets that are not managed digitally when they could be, including by printing to paper
- legacy systems that are based on outdated technologies needed for day-to-day operations which do not meet modern information management needs
- large quantities of information assets whose value has not been assessed, or which are kept past the period for which they are needed.
Digital information assets and processes enable information to be readily accessed, shared and integrated into service delivery. Digital processes are more efficient for most client service delivery.
Systems based on outdated technologies do not perform optimally to meet business needs. They may not be able to share data or analyse it effectively. It is a government priority to review and update these systems where required. Responsible management of information assets must be an integral part of any system upgrade or migration. Agencies should not decommission systems without considering how the information assets they hold might be needed in future and if they can be accountably destroyed.
Legacy information assets are information assets that are no longer required for agency business purposes. They may be in known locations, in neglected or inaccessible systems, in forgotten cloud-based platforms, in removable storage devices or in a variety of physical locations. Often the content and value of legacy information assets is unknown, which means that the most significant Australian Government records of Australia’s history may be at risk.
Agencies should manage information assets according to their value. This includes regularly documenting how long information assets must be kept (sentencing) and accountably destroying them when they are no longer needed. The National Archives is responsible for authorising the minimum period of time for which Australian Government information assets must be kept. This authorisation is provided through legal instruments that agencies must use for accountable sentencing and destruction.
Keeping information assets for longer than needed has financial, resourcing and efficiency costs. It may make needed information assets more difficult to find – for example, when searches retrieve outdated and irrelevant information. Large quantities of legacy information assets, particularly if they are held in outdated insecure systems, may become a ‘honey pot’ for hackers, potentially exposing the information to privacy and security risks.
What success looks like
- Agencies work digitally by default and manage information in digital format.
- Agencies regularly review analogue processes and replace them with digital processes.
- Agencies meet information management requirements when migrating, upgrading or decommissioning outdated systems.
- Agencies regularly record how long information assets should be kept (sentence them) so they are managed according to their value.
- Agencies promptly destroy information assets, when they are no longer required for business purposes, under the relevant authority. In accordance with approved arrangements, they transfer the most significant information assets to the care of the National Archives. This includes transferring custody of information assets to the National Archives or entering into agreed distributed custody arrangements.
Case study: inefficiencies impact on service delivery and expose the government to risk
The independent review of the Australian Public Service, Our public service, our future, noted a number of risks and inefficiencies associated with legacy systems, including cyber risks and impacts on service delivery from fragmented and ageing technologies (2019:156).
Recommendation 14 – for an audit and plan to redress these deficiencies – was accepted by the Australian Government in its response to the review, Delivering for Australians – a world-class Australian Public Service: the government’s APS reform agenda (2019:19).
Guidance and support
Appendix A provides a list of actions for agencies to successfully implement this policy. To support agencies to implement the policy, the National Archives:
- has updated existing advice and products and developed new advice and products
- will progressively release more products and advice throughout the policy period to be made available online
- will engage with agencies to understand what further assistance they need.
Agencies should contact the Agency Service Centre with any queries regarding this policy.
Authority
Under section 2A of the Archives Act 1983, the National Archives has the authority to determine standards, and provide advice on managing Australian Government records.
The Act’s definition of a ‘record’ covers any form of documented information kept because of the information that can be derived from it or its connection with an event, person, circumstance or thing.
The National Archives will report annually to its responsible minister on the status of information management in agencies and make recommendations for further improvements.
Appendix A: Actions for policy implementation
Purpose
This document provides implementation advice to assist agencies to meet the key requirements described in the Building trust in the public record policy statement – that is, that agencies will:
- manage information assets strategically with appropriate governance and reporting to meet current and future needs of government and community
- implement fit-for-purpose information management processes, practices and systems that meet identified needs for information asset creation, use and re-use
- reduce areas of information management inefficiency and risk to ensure public resources are managed effectively.
Implementation
The key requirements in the Building trust in the public record policy statement are described at a high level. This implementation advice provides actions for agencies to undertake to meet those requirements. Most of the actions listed are recommended as good practice to achieve the policy’s desired outcomes. There are 3 mandatory actions: 1, 9 and 14. Actions 1 and 9 are carried through from the National Archives’ previous policies, Digital transition (2011) and Digital continuity 2020 (2015). Action 14 is based on section 27 of the Archives Act 1983.
The Attorney-General and Minister for Industrial Relations endorsed the policy, its strategic objectives and its 3 mandatory actions on 20 November 2020. This endorsement acknowledges the vital role well managed information assets play in Australian Government integrity, accountability and transparency and the need for continuous improvement of Australian Government information management.
The National Archives recognises that there is a diversity of agencies across the Australian Government, with different business responsibilities, resources, risk tolerances, capabilities and information management environments. What might be a priority action for one agency may not have the same urgency for another.
The Building trust in the public record policy gives agencies flexibility to take action in the manner and order that best meets their business needs.
The National Archives will monitor whole-of-government progress in implementing the policy through its annual Check-up survey.
The National Archives will help agencies implement the policy by providing a range of supporting guidance and tools. Collaborative approaches and solutions to common problems will be sought and shared through ongoing engagement with Australian Government agencies. This engagement will include continued consultation with other information policy agencies to facilitate alignment of information management requirements and guidance across government, where this is possible. The National Archives will also actively participate in whole-of-government information management improvement initiatives.