Building trust in the public record

On this page

Our flagship policy Building trust in the public record has been extended to 31 December 2028

Some of the references, language and policy actions have been updated in the revised policy.

Executive summary

The Building trust in the public record: managing information and data for government and community policy came into effect on 1 January 2021.

The policy identifies key requirements for managing Australian Government information assets (records, information and data).

It helps Australian Government agencies improve how they create, collect, manage and are able to use information assets.

The Australian Government relies on well managed information to better support, protect and serve the community. The policy complements and supports Australian Government agendas to:

  • digitally transform Australian Government services
  • protect Australian Government information assets
  • maximise the use and re-use of Australian Government information assets.

The National Archives makes products and advice including templates available under the Resources – Public release schedule. These resources are meant to help agencies implement the policy. The resources are listed under each of the 17 actions.

Foreword

Government information is a public asset, and one that can have profound and enduring significance for communities. Managing it effectively is fundamental to sustaining public trust, and in this era of rapid data generation and increasing mis- and dis-information, this responsibility is more critical than ever.

At National Archives of Australia, we serve the dual role of preserving Australian Government information and setting government information management standards under the Archives Act 1983. Our work with government agencies, including this policy, is designed to improve how agencies create, collect, manage and use information assets.

Australian Government agencies create evidence of government decisions and actions, which when secured, preserved and made accessible, provide transparency. The work of National Archives supports integrity and stewardship and fosters public confidence in government.

Right now, emerging technologies like artificial intelligence offer powerful opportunities to enhance government operations and service delivery, but they also present complex challenges. In this environment, it's never been more important to safeguard accurate, trustworthy and secure information – and coordinated approaches to information management and emerging technologies, that prioritise ethical considerations through explainable systems, human oversight and data integrity, are foundational to this. Responsive regulation and policy development is also critical in this evolving space.

Amid these complexities, demands on government agencies continue to increase. Our communities expect access to relevant, timely and authentic information about government processes that affect their lives, and we know that strong information management is not only essential for agency operations and effective service delivery, but can also enable participatory democracy.

To support agencies in this time of transformation, we are working to improve information management maturity across government. Under our new strategy, Strategy 2025–2030: Evolving National Archives, we seek to uplift our engagement with Australian Government agencies through higher-level connection and whole-of-government leadership on information management. We also aim to position information management as a strategic enabler, while navigating the persistent challenges of limited resources and capability.

All Australian Government agencies are custodians of profoundly significant information. Historical records documenting the separation of families, for example, contain the often unrecorded voices of people whose lives were affected by past government policy, from those displaced from their homelands during war to Aboriginal and Torres Strait Islander children who were forcibly removed from their families, communities, and Country. If effectively managed and made accessible, records like these can help to reconnect families and serve as powerful evidence for redress schemes and for healing.

While National Archives plays a lead role in government information management, building knowledge, capability and maturity requires collective effort and shared accountability. If you are an agency head or information manager, I encourage you to continue embedding and driving this policy in your agency. Please also share your insights and implementation experiences as we continue our work to strengthen information management across government. Together, we can ensure that our information assets continue to serve as a foundation for integrity, upholding our duty to the communities we serve.

Simon Froude
Director-General, National Archives of Australia

Introduction

The Australian Public Service needs authentic, complete and reliable information to make evidence-based decisions, provide sound advice, develop good policy and deliver services and programs effectively. Community members need to be confident that the information they provide to government will be held securely, shared responsibly and made available as accurate proof of their entitlements when needed. Good information management is essential to building trust in the creation, collection and use of Australian Government information to meet the outcomes required by government and community.

When information is managed well, it:

  • facilitates the day-to-day operations of the Australian Government, enabling it to create policy and provide services across its varied responsibilities, ranging from agriculture, defence and environment to immigration, public health and trade
  • enables the Australian Government to behave with integrity, and be transparent, responsive and accountable to the community it serves
  • is foundational to the Australian Government’s digital transformation agenda to improve government services to the community
  • enables the Australian Government to support and protect the vulnerable, redress past injustices and reduce inequity within the community
  • underpins the Australian Government’s social, scientific, medical, agricultural, and industry, research, projects and problem-solving
  • is available as a resource for re-use by government and community to drive innovation, increase economic productivity and enhance social and cultural outcomes
  • is preserved as evidence of the most significant interactions between the Australian Government and the community. These are kept as the national archives and form part of the history, identity and memory of the Australian nation.

Well-managed information is the result of planned enterprise-wide management of information assets, technologies, processes and staff behaviours. Information needs to be managed well within individual agencies and across government.

The Building trust in the public record policy commenced in 2021. During that time, annual information management surveys, conducted by National Archives, have identified incremental progress in agency implementation across most of the mandatory and recommended actions attached to the policy. The policy is now extended to 31 December 2028. This enables agencies more time to fully implement policy actions and gives National Archives the opportunity to provide support to agencies at risk of not implementing the policy.

The policy has been updated for the extension period. It has a new foreword by our Director General, Simon Froude and the examples and actions have been updated to reflect changes in the information management environment.

Terminology

This policy applies to Australian Government digital and non-digital records, information and data which are created, collected, received and kept as part of government business.

The policy uses the term ‘information asset’ to refer to records, information and data collectively and ‘information management’ to refer to their collective management.

Purpose

The purpose of this policy is to improve how Australian Government agencies create, collect, manage and are able to use information assets. Effective information management facilitates delivery on government objectives to better support, protect and serve the Australian community – now and in the future. Well-managed information also increases community trust in the public record of government.

The Archives Act 1983 sets obligations for the management of information assets for Australian Government agencies. It enables National Archives to determine standards and provide advice as part of its oversight of Australian Government information management.

This policy identifies key requirements and actions for Australian Government agencies to build information management capability and address areas of lower performance. Meeting these requirements will ensure that the information assets of the Australian Government are created, kept and maintained effectively and efficiently. This will enable the long-term and sustainable use and re-use of government information.

In line with National Archives’ previous policies, this policy supports several whole-of-government agendas led by other agencies through its improvement of Australian Government information management. These agendas include Australian Public Service reform, data use and re-use, digital transformation of service delivery to the community, and building public trust in government.

The Building trust in the public record: managing information and data for government and community policy builds on the National Archives’ previous policies, Digital transition (2011) and Digital continuity 2020 (2015), to support agencies to effectively manage information assets.

The Australian Government has made considerable progress in transitioning to digital information management under these policies. This policy maintains the emphasis of previous policies on the necessity for robust information governance and fit-for-purpose information management. It enables continuous improvement in contemporary Australian Government information management, and highlights a requirement to reduce areas of information management inefficiency and risk.

This policy originally applied from 1 January 2021 until 31 December 2025. It has been extended for an additional 3 years until 31 December 2028.

Policy application

This policy identifies key information management requirements for agency heads, who are accountable for information governance in their agency. It provides supporting actions and guidance for information managers responsible for its implementation.

It is vital that everyone who works for, or on behalf of, the Australian Government (including contractors, consultants and volunteers) understands their responsibility to manage information well.

This policy applies to non-corporate and corporate Commonwealth entities, and wholly owned companies including government business enterprises. These are collectively referred to as agencies.

Ultimately, this policy is for the community. It ensures government records, information and data are created, collected and managed effectively to serve the community and protect rights and entitlements. This includes the community’s right to access government information to understand the basis of government decisions and actions, as part of accountable democracy.

Role of the National Archives of Australia

This policy has been developed by National Archives of Australia to enable continuous improvement in managing Australian Government information assets.

Under the Archives Act 1983, National Archives:

  • determines information management standards for Australian Government agencies
  • ensures the Australian Government creates and keeps records of its decisions and actions to demonstrate accountability to the community and evidence the integrity of the operations of the Australian Public Service
  • authorises destruction of information assets with no ongoing value to government or community
  • selects and preserves the most significant records of the Australian Government and makes them available to government and community as a national resource to enrich and inform how we live today.

Other key agencies

Each Australian Government agency has a unique set of specific and whole-of-government requirements for the creation, management and use of information assets. These requirements include Australian Government agencies meeting their responsibilities to create, manage, preserve and retain information to meet the provisions of the Archives Act 1983 and are foundational to business productivity and government accountability.  

National Archives’ advice on, and standards for, the creation and management of Australian Government information assets complements and supports the work of other key information agencies.

The roles of other key agencies in the Australian Government information asset and digital environment are described in Appendix B.

They guide and assist the Australian Government’s management, use and re-use, of its information assets through policy and advice on:

  • protective security, cybersecurity and protection of personal information
  • whole-of-government and shared ICT and digital services
  • improvement in performance management of Australian Government resources
  • improvement in workforce digital and data capability
  • giving effect to public rights of access under freedom of information legislation
  • delivering quality statistical services and trusted data and statistics
  • improving the Australian Government’s capability to maximise sharing of public sector data, and release of non-sensitive data, for use and re-use.

The Building trust in the public record policy provides an overarching framework for good information management practice. Data is an increasingly important type of information. It is a valuable resource and to unlock its full potential it must be managed well. Data management is a complementary discipline to records and information management. Within their unique operating environments agencies may have specific plans, policies and practices to manage and enhance the value of public sector data.

Each of the key information agencies, described in Appendix B, with National Archives, have important roles in supporting Australian Government agencies to manage public sector data to enable its use and re-use. These roles include:

  • developing public data policy to maximise data-sharing and release and to build public trust in government data
  • optimising trusted access to, use, and re-use of public sector data
  • ensuring its preservation and authenticity
  • building technical infrastructure to support data use
  • uplifting data capability though professionalisation of the Australian Public Service data workforce
  • improving performance management of public sector data.

National Archives worked collaboratively with these agencies during the development of this policy to ensure consistency of Australian Government policy advice for managing information assets. The National Archives will continue to collaborate with key information agencies to promote aligned guidance and support on the management of Australian Government information assets.

Policy statement

Agencies will:

  • manage information assets strategically with appropriate governance and reporting to meet current and future needs of government and community
  • implement fit-for-purpose information management processes, practices and systems that meet identified needs for information asset creation, use and re-use
  • reduce areas of information management inefficiency and risk to ensure public resources are managed effectively.

Managing information assets to enable trusted use by government and community

In 2017, National Archives issued the Information management standard for Australian Government. This standard is consistent with the international and Australian standard AS ISO 15489.1 (2017) Information and documentation – records management, part 1: concepts and principles. The Information management standard for Australian Government sets out principles for the management of information to support agencies to meet business, government and community needs and expectations.

The list below  illustrates how to manage information assets to enable trusted use based on the 8 principles of the standard for the Australian Government. The requirements and actions outlined in this policy are consistent with the principles of that standard. 

Information assets should be:

  1. Governed systematically
  2. Created accurately and completely
  3. Described so they can be found and understood
  4. Stored securely and preserved so they remain usable
  5. Kept for as long as needed by government and community
  6. Accountably destroyed when no longer needed
  7. Kept in fit-for-purpose systems and managed according to value and use
  8. Available for reliable use and re-use by government and community

The principles and recommended actions of the standard can be mapped against the statements and actions of this policy. Read more about the relationship between the standard and policy.

Why good information management is important

Contemporary information management is different from past practices. Digital technologies are constantly evolving, providing opportunities for more efficient ways of working. This can also lead to information management challenges.

Agencies today rarely create and organise their information assets centrally. Instead, they create and keep them in a variety of locations, onsite and cloud-based, using many formats, applications and systems. Over time, formats and systems become outdated and need active intervention to preserve the accessibility, authenticity and stability of content.

Information management is not an end in itself. Agencies risk basing their activities and decisions on incomplete and inaccurate information when information assets are poorly managed. Good information management maximises the value of an agency’s information assets by ensuring they can be found, used and shared to meet government and community needs.

Information assets are poorly managed when they are:

  • inaccurate or incomplete
  • without adequate description to establish their authenticity – for example, when their origin or context is unknown
  • unnecessarily duplicated
  • siloed in different systems where all needed information cannot be retrieved, or information cannot be exchanged
  • vulnerable to unauthorised access, including security and data breaches
  • unable to be accessed because they have been prematurely destroyed or stored in outdated technologies
  • kept longer than necessary.

Poor information management increases the risk that agencies will:

  • make bad business decisions
  • compromise the rights and entitlements of members of the community
  • enable the unauthorised release of sensitive information
  • spend public money storing and managing information assets that are no longer needed
  • endanger community trust in the government’s ability to manage and use information
  • provide inefficient services to the community
  • be unable to properly advise or report to the minister and other stakeholders.

Good management delivers trusted information assets that:

  • provide a sound basis for defensible, evidence-based decisions and policies
  • support rights and entitlements and government accountability
  • mitigate business risk, including business continuity and reputational risks
  • are a foundation for reliable research and findings
  • enable innovation
  • support strategic objectives and business outcomes
  • can be used, shared and re-used responsibly and ethically
  • are available for use now and in the future
  • can be maximised in value as a government and community resource
  • build community trust in government.

Improving information management performance

National Archives' Check-up surveys measure agencies’ progress in managing Australian Government information assets.

Over the initial period of the policy, the average score for overall information management capability has increased from 3.6 out of 5 in 2022 to 3.7 out of 5 in 2024. Whilst the improvements are modest, the scores are trending upwards. The areas of lowest performance were interoperability of data between systems, sentencing (recording when information assets can be destroyed or transferred to the National Archives), destroying information assets and transferring information assets to National Archives.

This policy identifies 3 key requirements for Australian Government agencies to address these capability gaps and improve their information management performance.

These key requirements are further described below.

1. Manage information assets strategically with appropriate governance and reporting

Effective governance ensures that information management is aligned with strategic objectives to improve business outcomes and mitigate risk. It includes looking over the horizon and having a vision of what information assets will be needed in the future and how to manage them to meet agency, government and community needs.

A strategic assessment of current and future needs for information, and a plan for how to manage information to meet those needs, should be documented and reported to senior management. Each agency will have business-specific needs for information, as well as the need to meet broader commitments to open, responsive and inclusive government.

It is important to identify and register information assets held by Australian Government agencies.

Agencies should document the value of information assets to the business and other stakeholders and include high-level management considerations such as sensitivities associated with the information. This results in known information assets that can be managed according to their value and made available appropriately for government and community use.

Good governance includes senior management support for building an organisational culture that respects the value of information assets to business and the community. Information management policies should have an accountability framework to ensure staff know and meet their responsibilities when creating and using information assets.

Information managers should report regularly to senior management on progress made in managing information assets. Internal reports should document:

  • the risks of not following recommended practices for managing information assets
  • the mitigation strategies in place for information management risks.

Case study: Good information governance ensures that all obligations are known and met

In 2023, Australian Public Service Integrity Taskforce completed the Louder than words – an APS integrity action plan, which includes a recommendation to reinforce the importance of good record keeping for integrity (2023:17). Recordkeeping is essential for demonstrating accountability in APS decision-making. It is also a basic legal requirement of being a public servant. Recordkeeping enhances transparency and ensures we are accountable for how we deal with public resources. 

The report highlights the need to increase APS understanding of why recordkeeping is essential to integrity, as well as addressing potential disincentives to recordkeeping in the Commonwealth’s freedom of information laws. It also highlights the need for agencies to assess if their records management teams are sufficiently skilled and resourced (2023:17).

Source: https://www.pmc.gov.au/resources/louder-words-aps-integrity-action-plan

What success looks like

Agencies have up-to-date governance arrangements covering all information assets.

Agencies have an enterprise-wide, strategic approach to managing information assets to meet current and future needs. They identify areas of lower information management capability and performance, and have plans to address them.

Agencies identify information assets and register them where there is business value in doing so.

Staff have the necessary skills and knowledge to manage information according to its value as a business and community asset. Plans are in place to address capability gaps, in particular for staff with specialist information management roles.

Senior management visibly and proactively supports information management. There are internal structures for senior managers to engage with skilled information management professionals.

Agencies report internally, on a regular basis, to monitor their information management progress. Risks of not following recommended practice, and mitigation strategies, are documented. Agencies assess their information capability progress through the National Archives' survey tool – Check-up.

2. Implement fit-for-purpose information management processes, practices and systems

Information management processes, practices and systems are fit-for-purpose when they meet identified needs for accurate information creation and use. Agencies need to assess what is ‘fit-for-purpose’ for their information needs. This should be based on:

  • specific business needs to manage and use information
  • the type of information, which can vary from case records relating to individuals, to large and dynamic datasets
  • the value of the information
  • other stakeholders who need to use the information
  • special characteristics of the information, such as its sensitivity.

'Fit-for-purpose' will vary based on this assessment. For example, agencies will need some systems to share information and these systems will need the functionality to support interoperability. Other systems will not require this functionality as agencies will need them to be standalone to protect highly sensitive information from unauthorised use. Both systems are fit-for-purpose.

Members of the Australian community interact with the Australian Government throughout their lives. Individuals pay taxes, seek advice and make applications for citizenship, pensions, and other rights and entitlements. The community expects the government to create and keep records as evidence of these interactions to enable current and future rights and entitlements. Well managed records enable the government to provide responsive services to members of the community and this builds trust in how the government operates.  

A priority for the Australian Government is to provide world-class, connected services tailored to business and community needs, with easier interactions with government. Accurate and reliable information assets are required to meet these outcomes and to inform decisions about how they can be achieved.

The ability to share and exchange data between systems, and reduce unnecessary data silos, is key to supporting connected services. This will also facilitate the government’s commitments to release and share data to maximise its use and re-use. Working towards interoperable information management systems with standardised descriptive information (metadata) across government, where practical, will create efficiencies for data exchange. It will also facilitate integration of datasets within and between agencies during times of administrative change.

Information assets typically have a life span beyond the initial technology in which they were created or delivered. They may need to be migrated across several systems during their period of use. Agencies need to plan ahead to preserve both the content of the information asset and information about its context. Context includes where it originated or who created it, when it was created and how it was used. Preservation of content and context is critical to ensuring continuity of government services and accountability.

What success looks like

Agencies assess and meet information management needs when systems are purchased, designed or upgraded. Business systems, including whole-of-government systems, have appropriate functionality to manage information assets. This includes maintaining the availability and integrity of data.

Information assets have adequate and standardised descriptive information (metadata) that facilitates business use and data-sharing. The content and context of data is known, can be verified and can be understood.

Information practitioners are involved in interoperability programs ensuring that information management requirements are considered and implemented.

Agencies implement strategies, including digital preservation strategies, to ensure information assets are available and usable for as long as they are required.

Agencies use sustainable digital file formats to ensure content is available for as long as it is needed.

Case study: Fit-for-purpose records management should meet needs for the information

An analysis of performance audits for 2023–24 conducted by the Australian National Audit Office noted negative findings on record keeping in all 45 reports tabled (2023–24 Performance Audit Outcomes, 2024:8). Their findings show that getting the ‘basics right’ in terms of records management processes continues to be a challenge across the public sector.

Deficiencies in record keeping practices within the public sector remains a risk for entities in evidencing decision-making and creates issues for transparency and review, including for auditing. Management of information by entities, including the appropriate classification and storage of information, remains a key issue for the sector. (2024:66).

Source: https://www.anao.gov.au/work/information/2023-24-performance-audit-outcomes

3. Reduce areas of information management inefficiency and risk

There are areas of known inefficiency and potential risk in the way some Australian Government information assets are currently managed. These include:

  • information assets that are not managed digitally when they could be, including by printing to paper
  • legacy systems that are based on outdated technologies needed for day-to-day operations which do not meet modern information management needs
  • large quantities of information assets whose value has not been assessed, or which are kept past the period for which they are needed.

Digital information assets and processes enable information to be readily accessed, shared and integrated into service delivery. Digital processes are more efficient for most client service delivery.

Systems based on outdated technologies do not perform optimally to meet business needs. They may not be able to share data or analyse it effectively. It is a government priority to review and update these systems where required. Responsible management of information assets must be an integral part of any system upgrade or migration. Agencies should not decommission systems without considering how the information assets they hold might be needed in future and if they can be accountably destroyed.

Legacy information assets are information assets that are no longer required for agency business purposes. They may be in known locations, in neglected or inaccessible systems, in forgotten cloud-based platforms, in removable storage devices or in a variety of physical locations. Often the content and value of legacy information assets is unknown, which means that the most significant Australian Government records of Australia’s history may be at risk.

Agencies should manage information assets according to their value. This includes regularly documenting how long information assets must be kept (sentencing) and accountably destroying them when they are no longer needed. National Archives is responsible for authorising the minimum period of time for which Australian Government information assets must be kept. This authorisation is provided through legal instruments that agencies must use for accountable sentencing and destruction.

Keeping information assets for longer than needed has financial, resourcing and efficiency costs. It may make needed information assets more difficult to find – for example, when searches retrieve outdated and irrelevant information. Large quantities of legacy information assets, particularly if they are held in outdated insecure systems, are a ‘honey pot’ for hackers, potentially exposing the information to privacy and security risks.

Case study: Inefficiencies impact on service delivery and expose the government to risk

The Office of the Australian Information Commissioner publishes statistical information about data breach notifications. One incident reported in 2024 affected over 10 million Australians. The number of data breaches notified to the regulator in the first half of 2024 was at its highest in three and a half years (Notifiable data breaches report January to June 2024, 2024:2).

Data breaches highlight the risks of retaining personal information for longer than needed. The more personal information an entity holds, the greater the possible scale and complexity of a data breach. Entities should ensure they have systems and processes in place to regularly review whether it is still necessary to retain personal information. (Notifiable data breaches report July to December 2024).

Source: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-january-to-june-2024

https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2024

What success looks like

  • Agencies work digitally by default and manage information in digital format.
  • Agencies regularly review analogue processes and replace them with digital processes.
  • Agencies meet information management requirements when migrating, upgrading or decommissioning outdated systems.
  • Agencies regularly record how long information assets should be kept (sentence them) so they are managed according to their value.
  • Agencies promptly destroy information assets, when they are no longer required for business purposes, under the relevant authority. In accordance with approved arrangements, they transfer the most significant information assets to the care of the National Archives. This includes transferring custody of information assets to the National Archives or entering into agreed distributed custody arrangements.

Guidance and support

Appendix A provides a list of actions for agencies to successfully implement this policy. To support agencies to implement the policy, the National Archives:

  • has updated existing advice and products and developed new advice and products
  • will review existing products and advice made available online throughout the initial policy period and provide new products and advice when required
  • will engage with agencies to understand what further assistance they need.

Agencies should contact the Agency Service Centre with any queries regarding this policy.

Authority

Under section 2A of the Archives Act 1983, National Archives has the authority to determine standards, and provide advice on managing Australian Government records.

The Act’s definition of a ‘record’ covers any form of documented information kept because of the information that can be derived from it or its connection with an event, person, circumstance or thing.

National Archives will report annually to its minister on the status of information management in agencies and make recommendations for further improvements.

Appendix A: Actions for policy implementation

Purpose

This document provides implementation advice to assist agencies to meet the key requirements described in the Building trust in the public record policy statement – that is, that agencies will:

  • manage information assets strategically with appropriate governance and reporting to meet current and future needs of government and community
  • implement fit-for-purpose information management processes, practices and systems that meet identified needs for information asset creation, use and re-use
  • reduce areas of information management inefficiency and risk to ensure public resources are managed effectively.

Implementation

The key requirements in the Building trust in the public record policy statement are described at a high level. This implementation advice provides actions for agencies to undertake to meet those requirements. Most of the actions listed are recommended as good practice to achieve the policy’s desired outcomes. There are 3 mandatory actions: 1, 9 and 14. Actions 1 and 9 are carried through from National Archives’ previous policies, Digital transition (2011) and Digital continuity 2020 (2015). Action 14 is based on section 27 of the Archives Act 1983.

The previous Attorney-General and Minister for Industrial Relations endorsed the policy, its strategic objectives and its 3 mandatory actions on 20 November 2020.  This endorsement acknowledges the vital role well managed information assets play in Australian Government integrity, accountability and transparency and the need for continuous improvement of Australian Government information management.

National Archives recognises that there is a diversity of agencies across the Australian Government, with different business responsibilities, resources, risk tolerances, capabilities and information management environments. What might be a priority action for one agency may not have the same urgency for another.

The Building trust in the public record policy gives agencies flexibility to take action in the manner and order that best meets their business needs.

National Archives will monitor whole-of-government progress in implementing the policy through the Check-up survey or its equivalent.

National Archives will help agencies implement the policy by providing a range of supporting guidance and tools. Collaborative approaches and solutions to common problems will be sought and shared through ongoing engagement with Australian Government agencies. This engagement will include continued consultation with other information policy agencies to facilitate alignment of information management requirements and guidance across government, where this is possible. National Archives will also actively participate in whole-of-government information management improvement initiatives.

Manage information assets strategically with appropriate governance and reporting

Number Actions for Australian Government agencies  Obligation
1 Assess your information management capability using the National Archives' survey tool – Check-up or other method determined by the National Archives of Australia. Mandatory
2 Review and update your information governance framework to incorporate enterprise-wide information management. This should include governance for records, information and data. 
Develop an information governance framework if one does not exist.		 Recommended
3 Review and update roles and responsibilities for your Information Governance Committee and Chief Information Governance Officer to include enterprise-wide information management. 
Establish an Information Governance Committee and Chief Information Governance Officer role if they do not exist.		 Recommended
4 Create an enterprise-wide information management strategy. Recommended
5 Create and maintain information asset register(s). Recommended
6 Identify staff capability gaps in information management, in particular for staff with specialist information management roles, and plan to address them. Recommended
7 Proactively support information management at a senior management level and have mechanisms in place for senior managers to engage with skilled information management professionals. Recommended
8 Monitor progress made towards achieving policy actions and regularly report on progress to senior management. Document risks of not following recommended practice. Recommended

Implement fit-for-purpose information management processes, practices and systems

Number Actions for Australian Government agencies Obligation
9 Manage all digital information assets, created from 1 January 2016, digitally.
Information assets created digitally from this date, that are eligible for transfer to the National Archives, will be accepted in digital format only. 		 Mandatory
10 Ensure business systems, including whole-of-government systems, meet minimum metadata and other functional requirements for information management. This includes ensuring systems have import and export capability.  Recommended
11 Contribute to interoperability programs by ensuring that metadata management, migration and disposal functionality meet information management requirements.  Recommended
12 Implement strategies, including storage and preservation strategies, for the management of all information assets.  Recommended
13 Create digital information assets in sustainable digital formats. Recommended

Reduce areas of information management inefficiency and risk

Number Actions for Australian Government agencies  Obligation
14 Identify RNA records and develop a plan to transfer those records to National Archives to meet the requirements of section 27 of the Archives Act 1983. Mandatory
15 Identify remaining analogue processes and plan for transformation to digital, based on business need. Recommended
16 Identify poorly performing legacy systems; address information management requirements when upgrading, migrating and/or decommissioning systems to meet business needs. Recommended
17 Sentence information assets regularly and promptly destroy information assets of temporary value when no longer needed. Recommended

Policy actions and supporting advice

1. Manage information assets strategically with appropriate governance and reporting

2. Implement fit-for-purpose information management processes, practices and systems

3. Reduce areas of information management inefficiency and risk

Appendix B: The Australian Government information asset and digital environment

National Archives leads Australian Government information management by developing policies, standards and advice to assist Australian Government agencies.

National Archives authorises the retention and destruction of Australian Government information assets. It also identifies, preserves and makes accessible the most significant information assets of the Australian Government.

National Archives' work complements that of other key agencies (listed below) which build capability in, or provide advice about, the management and use of Australian Government information assets.

Key agencies

Attorney-General's Department

Responsible for privacy, and freedom of information legislation.

Australian Bureau of Statistics

Delivers quality statistical processes and services, in addition to trusted and objective data and statistics. Supports data capability reforms in the Australian Public Service.

Australian Public Service Commission

Delivers professional development, strengthening digital and data capability across the Australian Public Service workforce.

Australian Signals Directorate

Delivers cybersecurity advice and assistance to Australian governments, business and critical infrastructure, as well as to communities and individuals.

Department of Finance

Delivers policy and guidance on public sector resource management, governance and accountability to improve performance management of Australian Government assets, including information assets and whole-of-government ICT services.

The Office of the National Data Commissioner is part of this agency portfolio. It delivers public sector data-sharing policy and guidance such as rules for controlling and accessing government data, administration of the Data Availability and Transparency Act 2022 and the data-sharing framework for all agencies.

Department of Home Affairs

Delivers protective security policy and guidance including protection and information security classification of information assets.

Department of Infrastructure, Transport, Regional Development, Communications and the Arts

Responsible for archives legislation. Enables communications connectivity, and protects and promotes Australian content and culture.

Digital Transformation Agency (Department of Finance)

Delivers strategic and policy leadership on whole-of-government and shared ICT and digital services to support transformation of Australian Government digital services. An Executive Agency within the Finance Portfolio.

Office of the Australian Information Commissioner (OAIC) (Attorney-General's Department)

Delivers privacy and freedom of information guidance, and regulatory activities to protect personal information and give effect to the public's right to access information held by the Australian Government.