Background
Information is a strategic resource that underpins the key functions and decision making processes of a local government. The way information is managed, including the technology used to support it, is therefore central to local government's business
practices. Alongside its physical, human and financial resources, a local government must manage its information resource in a way that enables services to be delivered that best meet community needs and the priorities set by Council.
The Integrated Planning and Reporting Framework (IPR) sets out how local governments should plan for their future through the development of Strategic Community Plans and Corporate Business Plans.
The resources needed to implement these plans are identified and managed through asset management plans, workforce plans and long-term financial plans. In a similar way, information and information technology resources can be planned for and managed so
that they support the strategic objectives and priorities of the organisation, as well as ensuring the business continuity of its day-to-day operations.
Information and Communications Technology is also an important foundation for the other resourcing plans.
The ICT Strategic Framework sets out the key components that need to be considered in managing an organisation's information resources. It represents the key elements, and their relationships, that might be expected in an "ideal" environment. In reality,
the extent to which it is applicable will obviously depend on the size and complexity of the individual local government. It recognises that there will be differing capacity within the local government sector to implement ICT and to manage it in line
with the IPR Framework.
The Framework is not a compliance requirement. It is a resource that local governments can use to plan for, manage and review their information and technology assets. It will be accompanied by a number of templates, guides and supporting documents that
are designed to assist these processes.
What is ICT?
Information and Communications Technology or ICT refers to technology that will store, retrieve, manipulate, transmit or receive information electronically or in a digital form. It includes hardware, communications devices or applications, including computer
hardware, software, network infrastructure, video conferencing, telephone and mobile phones.
Adequate and appropriate ICT underpins all aspects of a local government's work. It is integral to the delivery of local government services: from the provision of information and advice, to providing better analysis of environmental, demographic and social
change for better land use management and planning. ICT also supports local government back office operations, providing data storage, information management, email and mobile communications. The rapid adoption of mobile, on-demand, and social media
technologies has changed expectations of service delivery. These developments offer an opportunity for local government to provide services in new ways, and to interact through new modes. Mobile, internet and cloud technologies provide further opportunities
for innovation and efficiencies in service delivery.
What is the ICT Strategic Framework?
The ICT Strategic Framework provides a high level framework for the effective management of information and technology to ensure ICT systems are controlled and maintained in line with corporate objectives and emerging trends.
The ICT Strategic Framework will be accompanied by supporting documents and tools such as the ICT Maturity Model, templates and example documents, policies and strategic plans, which are key resources for effective implementation of the framework.
Purpose of the ICT Strategic Framework
The ICT Strategic Framework has been developed as a tool to:
- assist Chief Executive Officers, executive team and elected members to better understand the complexity of managing information and technology within local government.
- encourage local governments to improve their ICT capability.
- enable each local government to operate at or above the ICT Baseline Standard.
- ensure ICT is adequately managed to support all aspects of local government operations, and
- support all related elements of the Integrated Planning and Reporting Framework.
Implementation of the ICT Strategic Framework is integral to achieving the outcomes of the Integrated Planning and Reporting Framework. The ICT Strategic Framework establishes an ICT Baseline which identifies the minimum requirements for the effective
provision of information management and information technology services to effectively support local government operations. Understanding the complexity of information and technology management within local government is the first step in applying
the necessary measures to ensure that the baseline ICT standards are being met.
Who is involved?
The ICT Strategic Framework is targeted at local government staff responsible for managing Information Technology and Information Services (Records), and/or delivering ICT services. The ICT Strategic Framework has also been designed as a tool for local
government Chief Executive Officers, executive teams and elected members to understand the complexity of managing information and technology within local government.
About the Framework
The ICT Strategic Framework is made up of eight elements:
- governance
- emerging trends and technologies
- business systems and applications
- infrastructure and technology
- IT business continuity
- security
- project management
- information management
These elements should all be considered in managing information, systems, networks and infrastructure to ensure that ICT systems are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.
The first seven elements and their relationships comprise an Information Technology Framework. The eighth element consists of important subsets and has been developed as a separate but related Information Management Framework. Both frameworks are underpinned
by Supporting Documentation (see section 4.5 onwards 'Information Technology Framework Supporting Documentation'). This includes the policies, plans, strategies and registers required as baseline to enable effective implementation of the framework.
The frameworks should be used in conjunction with the ICT Maturity Model to assess the capability of the local government in relation to its size and functions, and to develop appropriate action plans in response.
Information technology framework
The Information Technology Framework provides a high level framework for the effective management of IT within local government. The framework identifies the elements of IT that should be considered as a minimum baseline, in managing systems, networks,
devices and data, to ensure that they are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.
What is the structure of the IT Framework?
The IT Framework represents the discipline of IT management as comprising seven key elements. The framework has been designed with four pillars reflecting the four main IT disciplines, with Governance overarching all aspects of IT at the top of the framework,
and robust project management underpinning the framework. The positioning of Emerging Technologies and Trends over the four pillars of IT recognises the role that disruptive technologies has on the delivery of IT services.
The key elements of the IT Framework are:
- Governance — the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.
- Emerging Trends and Technologies — the emerging trends and technologies providing challenges and opportunities for local government in managing ICT systems and resources, and delivery of future ICT services.
- Business Systems and Applications — the software systems and applications used by a local government.
- Infrastructure and Technology — the hardware and network infrastructure used to deliver local government ICT services.
- IT Business Continuity — the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.
- Security — protecting information and systems from unauthorised access, use, modification, disclosure or destruction.
- Project Management — the discipline of planning, organising, controlling, and managing resources to achieve specific goals.
The key elements are each made up of a number of lower level elements. Together, these elements describe the discipline of managing each of the key elements identified within the framework. It is important to note that all elements of the framework are
interrelated and consideration should be given to how the elements interrelate when using and implementing the framework.
Information Technology Framework
Governance
- ICT Strategy and Planning
- Risk Management
- ICT Procurement
- Policy, Process and Procedures
- Performance Measurement
- ICT Resource Management
- Monitoring and Compliance
- ICT Sourcing Models
Emerging Trends and Technologies
- Social Media
- Smart Phones and Devices
- Bring-Your-Own-Device (BYOD)
- Cloud Computing
- Online Services
- Open Data
Business Systems and Applications
- Software Acquisition
- Software Design and Development
- Software Maintenance and Management
- Business Process Analysis
- Integration
- Software Scoping and Requirements Definition
- Testing and Implementation
- Change Management
- Version Control
Infrastructure and Technology
- Infrastructure and Architecture
- Virtualisation
- Capacity Management
- Communications and Network Management
- Data Storage
- IT Asset Management
- Systems Acquisition
- Systems Design and Development
IT Business Continuity
- Disaster Recovery
- Contingency Planning
- Backups
- Replication
- Redundancy
- Data Recovery
- Emergency Response
Security
- Access Management
- Authentication
- Audit
- Remote Access
- Incident Management, Reporting and Response
- Physical and Environmental Security
- Network and Communications Security
Project Management
- Initiation
- Planning
- Execution
- Reporting
- Monitoring and Controlling
- Closing
Defining key elements of the ICT Framework
A definition of the terms used to describe the key elements of the IT Framework is provided in the following schedule.
Governance
Governance describes the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.
Governance Definitions
| Element | Definition |
|---|
| ICT Strategy and Planning | ICT Strategy and Planning involves: Conducting ICT strategic planning Developing systems and delivering ICT services in line with an approved ICT Strategic Plan Alignment of the ICT Strategic Plan with the Local Government Strategic and Community Plans Involving IT in corporate planning. |
| Risk Management | Risk Management is the identification, assessment, and prioritisation of risks followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events.1 |
| ICT Procurement | ICT Procurement involves the acquisition of ICT goods and services. |
| Policy, Processes and Procedures | Policy, Process and Procedures means having documented and approved ICT policies, processes and procedures in place that staff are aware of, have access to and are actively using. |
| Performance Measurement | Performance Measurement is the process for measuring and reporting performance of ICT services, often measured through tools such as Key Performance Indicators (KPIs) or service level agreements. |
| Performance Management | Performance Management is the activities which ensure that goals are consistently being met in an effective and efficient manner.2 |
| Monitoring and Compliance | Monitoring and Compliance are the measures and controls in place to monitor compliance of ICT controls, guidelines and procedures. This includes audit logging of systems, identification of anomalies and incident handling provisions. |
| ICT Resource Management | ICT Resource Management is the efficient and effective use of ICT resources (information, systems, networks, infrastructure, devices and people) to deliver ICT services. |
| ICT Sourcing Models | ICT Sourcing Models are alternative ways of delivering ICT services. Alternate ICT sourcing models include managed solutions delivered by a service provider, systems hosting by another local government and cloud computing. |
1. 'Risk Management', Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. p. 46.
2. 'Performance Management', Wikipedia,
taken at 14/9/2012
Emerging trends and technologies
Emerging Trends and Technologies provide challenges and opportunities for local government in managing ICT systems and resources, and the delivery of future ICT services.
Emerging Trends Definitions
| Element | Definition |
|---|
| Social Media | Social Media is an online media platform that allows users to generate and share content over the internet using technologies that promote engagement, sharing and collaboration. |
| Smart Phones and Devices | Smart Phones and Devices are electronic computing devices that are cordless, mobile and connected to the internet and include smart phones and tablet devices. |
| Cloud Computing | Cloud Computing is an IT delivery model that allows software, servers and storage to be provided over a network or the internet on a pay-as-you-use basis. |
| Bring Your Own Device (BYOD) | Bring-Your-Own-Device is a hardware strategy that allows staff to use their own personal computing device for work purposes, such as smart phones and devices. |
| Online Services | Online Services is the delivery of local government services over the internet, such as online lodgement of customer service requests, building and development applications, payment of rates, licences and infringements. |
| Online Applications | Mobile Applications refers to the development and use of mobile applications to allow local government information and services to be accessed using a smart phone or smart device. |
| Open Data | Open Data is the concept that government data should be freely available to everyone to use as they wish, typically over the internet and/or using a smart phone or device. |
Business systems and applications
Business Systems and Applications refers to all the software systems and applications used by a local government.
Business systems and applications definitions
| Element | Definition |
|---|
| Software acquisition | Software Acquisition is the process of purchasing software, including software evaluation and defining user requirements. |
| Software Design and Development | Software Design and Development is the process of designing and developing software and applications. |
| Software Maintenance and Management | Software Maintenance and Management is the process of maintaining, upgrading, supporting and managing software systems and applications. |
| Business Process Analysis | Business Process Analysis refers to the process of analysing and documenting the business processes of a local government. |
| Integration | Integration of software systems and applications to enable sharing of data between systems. |
| Requirements Definition | Requirements Definition is the process of identifying and documenting what the business needs are when acquiring or developing new software systems or modifications to existing systems. The requirements should be documented, actionable, measurable and testable, and related to identified business needs and defined to a level of detail sufficient for system design. |
| Software Scoping | Software Scoping is the process of defining the purpose, functions and features of a software system. |
| Testing | Testing is the process of adequately testing software systems or upgrades prior to implementation, including test implementation and user acceptance testing. |
| Implementation | Implementation describes the processes involved in getting new software operating properly in its environment, including installation, configuration, running, testing, training and managing change.3 |
3 'Implementation', TechTarget, accessed 21/9/2012
Infrastructure and technology
Infrastructure and Technology refers to the hardware and network infrastructure used to deliver local government ICT services.
Infrastructure and technology definitions
| Element | Definition |
|---|
| Infrastructure | Infrastructure refers to the physical IT hardware such as servers, network equipment, communications devices. |
| Architecture | Architecture refers to the design of the infrastructure environment used to interconnect computers and users, including server room and network design. |
| Virtualisation | Virtualisation is the process of creating virtual (rather than actual) hardware platforms (server or desktop environment), operating systems, storage devices, or network resources.4 |
| Capacity Management | Capacity Management is the process of managing IT resources to ensure resources such as disk space, memory and processing capability meets current and future business requirements in a cost-effective manner.5 |
| Communications and Network Management | Communications and Network Management are the activities involved in managing a local government's local and wide area network, including data, voice and internet communications. |
| Data Storage | Data Storage means disk or network storage space, memory or media required to store digital data. |
| IT Asset Management | IT Asset Management is the practice of effectively managing the life cycle of software and hardware assets, including acquisition, implementation, maintenance, utilisation, and disposal to support strategic IT decision making.6 |
| Systems Aquisition | Systems Acquisition is the process of purchasing systems hardware and network equipment, including defining business requirements and system evaluation. |
| Systems Design and Development | Systems Design and Development is the process of designing and developing hardware platforms, networks and infrastructure architecture. |
4. 'Virtualisation', Wikipedia, accessed 21/09/12
5. 'Capacity Management', Wikipedia, accessed 21/9/12
6. 'IT Asset Management',
adapted from Software Asset Management definition, Wikipedia Management, accessed 21/9/2012
The IT business community
IT business continuity describes the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.
IT business community definitions
| Element | Definition |
|---|
| Disaster Recovery | Disaster recovery involves all activities required to restore a system, service or data to its state prior to a disaster, or the closest achievable state depending on the success of the disaster recovery operation. |
| Contingency Planning | Contingency planning refers to planning for alternative business outcomes to mitigate against risk. |
| Backups | Backups is the process of backing up data and systems and storing them offsite to ensure that data and systems can be recovered as required. |
| Replication | Replication involves replicating data and systems to a secondary site to provide resiliency and business continuity in case of an unplanned event or disaster. |
| Redundancy | Redundancy of systems, networks and communications links to mitigate risk and provide resiliency and business continuity. |
| Data Recovery | Data recovery is the process involved in restoring data following an unplanned event or disaster. |
Security
Security means protecting information and systems from unauthorised access, use, modification, disclosure or destruction.
Security definitions
| Element | Definition |
|---|
| Access Management | Access management involves the management of user access to systems, including assigning and revoking privileges and permissions, authentication and authorisation procedures. |
| Authentication | Authentication is the process by which users are identified on a system or network. |
| Audit | Audit refers to the examination of the management controls within IT infrastructure, to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the local governments goals
or objectives. An IT audit may be performed in conjunction with a financial statement audit, internal audit, security incident or breach.7 |
| Remote Access | Remote access is the provision of access to a local government's information systems to staff working outside of the main administration centre or wide area network. This can include from the works depot, museum, recreation centre, or staff
working from home. Remote access is typically provided over the internet and secured by technologies such as a virtual private network, terminal services, virtual desktop solutions (e.g. Citrix or VMware) and/or remote desktop. |
| Incident Management, Reporting and Response | Incident management, reporting and response involves identifying, analysing, reporting, and responding to IT security incidents including taking corrective and preventative action. |
| Physical and Environmental Security | Physical and environmental security refers so providing adequate physical and environmental protection for a local government's ICT assets to prevent unauthorised access, use or destruction.
Physical security describes the physical measures
to deny access to IT systems, networks and information from unauthorised persons.
Environmental security includes all other non-physical security measures to systems, networks and information, such as virtual private networks, antivirus
and other malware strategies and redundancy. |
| Network and Communications Security | Network and communications security involves taking measures to secure local and wide area networks, voice communications and internet links. |
| Change Management | Change management from an IT security perspective, is the process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software, but typically
refers to changes in
processes and workflows that can become disruptive if not managed properly. |
| Version Control | Version control is the process of managing multiple versions of software and electronic files. |
7. 'Audit', adapted from 'Information Technology Audit', Wikipedia, available at, taken 19/9/2012
Project management
Project management is the discipline of planning, organising, controlling, and managing resources to achieve specific goals.
Project management definitions
| Element | Definition |
|---|
| Project initiation | Project initiation is the process of defining the scope of the project. May involve establishing the scope, a project charter, and preliminary project plan. |
| Project planning | Project planning refers to the process of establishing a project plan detailing how a project is to be accomplished within a certain timeframe and with given resources. A project plan usually identifies various milestones and/or stages of
a project and the timeframes in
which they are to be completed. |
| Project execution | Project execution refers to the process of carrying out or implementing the project. Project Execution is the implementation phase of the project plan, and is commenced once the project planning phase is complete. |
| Monitoring and controlling | Monitoring and controlling refers to the process of monitoring progress of the project with regard to the project plan, and controlling resources to ensure delivery of the project on time and within budget. |
| Project closing | Project closing is the process of completing project deliverables, reviewing the outcome of the project against objectives, documenting the lessons learnt, archiving project records and releasing project resources.8 |
8. 'Project Management', Project Management Institute, taken 24/9/2012.
Getting started – implementing the ICT Strategic Framework
The ICT Strategic Framework identifies the key elements for the effective management of information and technology, to ensure that corporate information and ICT systems are secure, protected, tested, controlled, developed and maintained in line with corporate
objectives and respond to emerging trends. The information required, processes and outputs of the ICT Strategic Framework are detailed below:
What information do I have to gather?
The following information should be gathered before the ICT Strategic Framework is implemented. It is important that initial planning occurs to ensure that your local government is able to fully implement the framework and gain a clear understanding of
current capacity.
ICT Supporting Documentation – Identify what strategies, plans, policies, and procedures outlined in the ICT Strategic Framework your local government already has in place.
Local Government Strategic Community Plan – In implementing the ICT Strategic Framework it will be beneficial to understand the long term vision of your local government and the role that ICT contributes to that. This will assist you to develop
action plans that are appropriate to your local government in terms of your present position on the ICT Maturity Model, and where your local government aspires to be.
Challenges and Opportunities – Identify what challenges and opportunities the ICT Strategic Framework presents your local government.
- What are the key ICT issues facing your local government?
- How can implementation of the ICT Strategic Framework assist in addressing these issues?
- What are the IT and IM risk factors facing your local government?
- What are the priority areas for implementation of the ICT Strategic framework?
Internal and External Trends/Issues – What are the internal and external issues and trends that may influence implementation of the framework?
ICT Resourcing Capability – Understand the capacity and capability of your local government to implement the ICT Strategic Framework, with the ICT resources that you have available. The framework provides templates, example policies, strategies,
plans and other key documents that your local government may adopt or adapt to suit your requirements.
What do I have to do?
During implementation of the ICT Strategic Framework, the following steps may be useful:
- ICT Maturity Model – Complete the ICT Maturity Model self-assessment tool provided.
- ICT Baseline – Determine where your local government is on the ICT Baseline standard.
- ICT Risk Assessment – Conduct an ICT risk assessment based on where your local government is on the ICT maturity model and ICT Baseline.
- Priority Areas – Identify priority areas for implementation of the ICT Strategic Framework.
- ICT Resource Capability Analysis – Conduct ICT resource capability analysis to determine your capability for implementing the ICT Strategic Framework.
- Action Plans – Develop an action plan appropriate for your local government.
What do I end up with?
- Key ICT documents such as policies, plans, strategies and registers required as a minimum baseline to enable effective management of ICT within local government.
- A self-assessed classification of ICT maturity on the local government ICT Maturity Model.
- An understanding of where your local government is on the ICT Baseline.
- An action plan to target key areas under the ICT Strategic Framework.
Information Technology Supporting Documentation
The Information Technology Framework Supporting Documentation supports the Information Technology Framework by identifying the types of documents (strategies, policies, schedules and plans) that should be in place to effectively manage information, communications
and technology. The supporting documentation schedule identifies the baseline IT standard for local government, which is the proposed minimum standard for managing local government information technology.
| Governance | Emerging Trends and Technologies | Business Systems and Applications | Infrastructure and Technology | IT Business Continuity | Security | Project Management |
|---|
ICT Strategic Plan* ICT Annual Business plans* Risk Management Strategy and Plan* Internal KPIs and Service Level Agreements | Social Media Policy** Online Services Plan** Cloud Computing Policy Bring-Your-Own-Device Policy Open Data Policy | Systems Documentation* Systems Test and Implementation Plans** Website and Intranet Business Plan Website Accessibility Policy Systems Upgrade Policy Software Asset Management Policy Change Management/Version Control Policy | ICT Acceptable Usage Policy* Systems Documentation** IT Asset Register** IT Asset Management Plan** IT Asset Replacement Policy Infrastructure Capacity Plan Virtualisation Policy** | IT Disaster Recovery Plan* Backup Policy* IT Risk Assessment Matrix** IT Risk Mitigation Plan** | IT Security Policy* Password Policy* Security Audit Policy Incident Response Policy Incident Management Plan** | Business Case* Project Schedule** Project Risk Register** Project Communication Plan Project Statement (defines scope and deliverables)* Project Status Report** Project Issues Register** Project Quality Plan Project Plan* Post implementation Review** |
Asterisks represents suggested minimum requirements to meet the standards below. Those without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be determined by each local government based on its size and specific business
requirements.
* ICT Baseline standard
** Intermediate (Recommended) standard
What is information management?
Information management is the term used to describe all activities concerned with the use of information in all its forms. More formally, information management is defined as the means by which an organisation plans, identifies, creates, receives, collects,
organises, governs, secures, uses, controls, disseminates, exchanges, maintains, preserves and disposes of its information; as well as any means through which the organisation ensures that the value of that information is identified and exploited
to its fullest extent.
What is the Information Management Framework?
The Information Management Framework provides a high level framework for the effective management of information within a local government. The framework identifies the aspects of information management that should be considered to ensure that information
is captured, stored, accessed maintained and disposed of securely and effectively.
The Information Management Framework has been adapted for Western Australian local governments from the Queensland Government Information Management Policy Framework, developed by the Queensland Government Information Office. The Framework represents
the discipline of Information Management as comprising seven key elements:
- Knowledge Management — the practice of extracting extra value from our information, including analysis and reporting.
- Governance — policy, governance, architecture and direction for information and information management.
- Security — confidentiality, integrity and availability of information in line with ISO 27001 and other relevant standards.
- Information Asset Management –— full lifecycle management of information as an asset and classifying and cataloguing it so it can be found and used.
- Information Access and Use — sharing, licensing and use of information so it's easy to find and able to be exploited as widely as possible.
- Record Keeping — ensuring legislative and regulatory requirements are met in the handling of our information.
- Data Management — management and maintenance of the data that underlies our information.
The framework has been designed with Knowledge Management as the highest level and Data Management as the lowest level activity with Record Keeping in the middle representing that it is central to all information management activities. Governance and
Security apply to all aspects of the framework. The key elements are each made up of a number of lower level elements. Together, these elements describe the discipline of managing each of the key elements identified within the framework. It
is important to consider how the elements interrelate when using and implementing the framework.
Information Management Framework
| Knowledge Management | Governance | Information Security | Information Asset Management | Information Access and Use | Record Keeping | Data Management |
|---|
Business Intelligence Data mining Knowledge transfer Analytics Reporting Succession Planning Meta knowledge | Information Management Strategy Information Management Policy, Principles and Architecture Information Risk Management Information Quality Management Information Governance processes Monitoring and compliance | Access Management Authentication Security Audit Remote Access Incident Detection, Management, Reporting and Response Physical and Environmental Security Change Management / Version Control | Information Asset Classification Meta data Custodianship | Access and Accessibility Intellectual Property Licensing and Rights Management Privacy and Confidentiality Copyright Sharing and Exchange Search and Discovery Pricing Publishing Freedom of Information (FOI) | Records Management Capture and Creation Collection Management Retention and Disposal Conservation and Preservation Archiving Retrieval and Access Digital Continuity | Data modelling Data Integration Data Cleansing Data De-duplication Data Warehousing Data Conversion and
Transformation Data Quality and Integrity Data Capture Data Migration Data Format |
Defining the key elements of the Information Management Framework
A definition of the terms used to describe the key elements of the Information Management Framework is provided in the following schedule. The definitions of the Information Management Framework have been taken from (and in some cases adapted from) the
Queensland Government Information Management Policy Framework Definitions, 2009.
Information governance
Information governance is the system by which the current and future use of information and its management is directed and controlled.9
Information governance definitions
| Element | Definition |
|---|
| Information Management Strategy and Planning | Information management strategy defines the future strategic direction for the utilisation and management of information as a valued core strategic asset. Information management planning is concerned with ensuring that information and its management aligns with strategy and conforms to legislative and policy requirements. |
| Information Management, Policy, Principles and Architecture | Information management policy, principles and architecture provide direction and guidance with respect to information management activities, ensuring alignment with business requirements. |
| Information Risk Management | Information risk management adapts the processes and practices of risk management and applies it to information management.10 |
| Information Quality Management | Information quality management adapts the generic activities of quality management (i.e. coordinated activities that direct and control) information management.11 |
| Information Governance Processes | Information governance processes are the specific processes that deliver information governance including the assigning of information governance roles and responsibilities. |
| Monitoring and Compliance | Monitoring and compliance are the measures and controls in place to monitor compliance of information management controls, guidelines and procedures. Includes audit logging of systems, identification of anomalies, incident handling provisions. |
9. 'Information Governance', Standards Australia, ISO/IEC 38500:2008 Corporate Governance of Information Technology, 2008, p. 6.
10. 'Risk Management',
adapted from Queensland Government Chief Information Office, Best Practice Guide: Information Risk Management, 2002, p. 4-5.
11. Information Quality Management', Standards Australia, AS/NZS ISO 9000: 2006 Quality management systems –
Fundamentals and vocabulary, 2006, p. 9.
Knowledge management
Knowledge management is concerned with improving organisational outcomes and learning, through maximising the use of knowledge and capturing and applying learnings.
Knowledge management definitions
| Element | Definition |
|---|
| Business Intelligence | Business intelligence is concerned with supporting better decision making by analysing internal and external information. |
| Data Mining | Data mining is concerned with retrieving hidden patterns and relationship from data. |
| Analytics | Analytics is concerned with the application of rigorous statistical tools and techniques to an agency's information in order to improve decision making. |
| Data Warehousing | Data warehousing is concerned with collecting and storing data to support decision-making. |
| Knowledge Transfer | Knowledge transfer is the process of transferring knowledge from one part of the organisation to another, to ensure its availability for future users.12 |
| Reporting | Reporting in this context is concerned with large scale report generation from data warehouses. |
| Meta-knowledge | Meta-knowledge is knowledge about knowledge. |
| Succession Planning | Succession planning is the planning for the retention and transfer of knowledge within the organisation as part of the succession planning process. |
Information asset management
Information asset management is concerned with valuing and managing information assets with the same rigour as that applied to other strategic assets.
Information asset management definitions
| Element | Definition |
|---|
| Registration | Registration is the recording of an information asset in a repository for information management purposes for example, an Information Asset Register. |
| Information Asset Classification | Information asset classification is the arrangement of information into groups or categories according to established criteria, such as public, sensitive, private or confidential.13 An example of criteria for arranging information assets
is the Keyword AAA. |
| Metadata | Metadata is data that describes the information asset such as file name, author, title, date, subject, location. |
| Custodianship | Information custodianship is the assigning of responsibilities to an individual (or group), who ensures that the information asset is appropriately identified and managed throughout its lifecycle and is accessible to appropriate stakeholders. |
12. 'Knowledge Transfer', Wikipedia, accessed 26/9/2012.
13. 'Information Asset Classification',
Queensland Government Enterprise Architecture, Information Assets and their Classification Fact sheet, Feb 2011, accessed 26/9/2012.
Information access and use
Information asset access and use management is concerned with how information is to be accessed, exchanged and used, by whom and on what terms.
Information access and use definitions
| Element | Definition |
|---|
| Access and Accessibility | Access and accessibility is concerned with both: how access to government information is maximised for use and reuse. ensuring that all reasonable steps are taken to minimise social, economic and geographic disadvantage to accessing information. |
| Intellectual Property | Intellectual Property protects the legal rights resulting from the original, creative and intellectual effort of individuals and organisations. Government copyright protected information has many forms, including public sector information,
literary and artistic works,
computer programs, databases, film and sound recordings; along with intellectual property in inventions, plant breeder's rights, circuit layouts, trademarks and designs.14 |
| Licensing and Rights Management | Licensing is concerned with determining and managing the rights of use of government information to be granted under a licence. For the purpose of this framework, licensing includes rights management. |
| Privacy and Confidentiality | Privacy in the context of information management, is how personal information is collected and handled by government. This extends to an individual's right to privacy and to access and amend their personal information. Confidentiality is the
practice of ensuring that information is only accessible to those authorised to have access.15 |
| Copyright | Copyright law grants exclusive rights to creators of original works of authorship.16 |
| Sharing and Exchange | Sharing and exchange is concerned with the sharing or exchanging of information between local governments, with other government and other organisations. |
| Search and Discovery | Search and discovery the process of searching and identifying all relevant documents, data and information, such as required when handling requests under the Freedom of Information Act (1992). |
| Pricing | Pricing is concerned with the transparent and consistent pricing of government information. |
| Publishing | Publishing is concerned with assembling information into a desired format and disseminating it to a wide target audience, generally the public. Examples of the output of publishing include an agency website or a Government Gazette. |
| Freedom of Information (FOI) | Freedom of Information relates to providing access to documents and information under the Freedom of Information Act (1992). Under the FOI Act, local governments are required to assist the public to obtain access to documents at the lowest reasonable cost and to ensure that personal information held is accurate, complete, up to date and not misleading.17 |
14. 'Intellectual Property', Queensland Government, Queensland Public Sector Intellectual Property Guidelines, 2007, p. 4,
15. 'Confidentiality', International Standards
Organisation, Information Security Standard ISO-17799
16. 'Copyright', Creative Commons, accessed 26/9/2012.
17. 'Freedom of Information' –
Office of the Information Commissioner, Western Australia, accessed 26/9/2012.
Recordkeeping
Recordkeeping is the process of making and maintaining complete, accurate and reliable evidence of business transactions in the form of recorded information.18
Recordkeeping definitions
| Element | Definition |
|---|
| Records Management | The efficient and systematic control and maintenance of records, including the maintenance of their integrity and authenticity. |
| Record Creation and Capture | The act of bringing into existence and/or accumulating evidence of business activities, i.e. records, and undertaking a deliberate action which results in the registration of the record into a recordkeeping system. |
| Collection Management | In the context of this framework, collection management is concerned with managing a collection of information throughout its lifecycle. Examples of collections include: - collections that are permanent in nature (e.g. archives)
- libraries
- museums.
|
| Archiving | Archiving is the process of transferring inactive records from current storage areas to a repository for long-term storage, preservation and access.19 |
| Retrieval and Access | Retrieval and access of records is concerned with ensuring there are appropriate means of finding, retrieving, using and making sense of the records. |
| Retention and Disposal | Retention and disposal is concerned with defining the temporary or permanent status, retention periods, disposal triggers and consequent disposal actions authorised for classes of records. |
| Conservation and Preservation | Conservation embraces those processes or actions necessary to ensure the continued survival of collections without further degradation. Preservation is a conservation activity involving processes and operations for both physical and electronic
material that prevent loss of information and minimises any deterioration over time. |
| Digital Continuity | The planning and processes for ensuring digital records remain accessible despite the obsolescence of hardware and software formats and media. |
18. 'Recordkeeping' –Standards Australia, Australian Standard 4390 Part 1 Clause 4.19..
19. 'Archiving', Queensland
State Archives, Recordkeeping Terms, accessed on 26/9/2012.
Data management
Data Management is concerned with valuing and managing data as a strategic asset of local government with the same rigour as that applied to other strategic assets.
Data management definitions
| Element | Definition |
|---|
| Data Modelling | Data modelling is a method used to define and analyse the data requirements needed to support local government processes and service delivery.20 |
| Data Integration | Data integration is the process of combining data residing at different sources and providing the user with a unified view.21 |
| Data Quality and Integrity | Data Quality and Integrity is an assessment of data's trustworthiness and fitness for purpose, with respect to its accuracy, completeness, timeliness, relevance, transparency and consistency.22 |
| Data Cleansing | Data cleansing is concerned with detecting and correcting or removing corrupt or inaccurate data.23 |
| Data De-duplication | Data de-duplication is concerned with the elimination of redundant data to reduce required storage capacity and establish a source of truth.24 |
| Data Capture | Data capture is concerned with the collection, manipulation, interpretation and storage of data. |
| Data Migration | Data migration is concerned with transferring data between either storage types, formats or computer systems.25 |
| Data Type and Format | Data type is the classification identifying the type of data (e.g. real-valued, integer or Boolean), the possible values for that type; the operations that can be done on values of that type; the meaning of the data; and the way values
of that type can be stored.26 Data formats define the standard way that information is encoded in a computer file, such as .doc, .xls, .jpg.27 |
| Data Conversation and Transformation | Data conversion is the process of converting data from one format to another.28 Data Transformation converts data from a source data format into destination data.29 |
| Data Warehousing | Data warehousing is concerned with collecting and storing data to support decision-making. |
20. 'Data modelling', Wikipedia, available at, accessed 26/9/2012.
21. 'Data integration', Wikipedia, accessed 26/9/2012.
22. 'Data Quality', Wikipedia, accessed 26/9/2012.
23. 'Data Integrity', Wikipedia, accessed 26/9/2012.
24. 'Data cleansing',
Wikipedia, accessed 26/9/2012.
25. 'Data deduplication', Wikipedia, accessed 26/9/2012.
26. 'Data migration', Wikipedia,
accessed 26/9/2012.
27. 'Data Type', Wikipedia, accessed 26/9/2012.
28. 'File format', Wikipedia, accessed 26/9/2012.
29. 'Data Conversion', Wikipedia, accessed 26-9/2012.
30. 'Data transformation', Wikipedia, accessed 26/9/2012.
Information Management Framework supporting documentation
The Information Management supporting documentation supports the Information Management Framework by identifying the types of documents (strategies, policies, schedules and plans) that should in place as a baseline, to effectively manage information.
Information Management Framework supporting documentation
| Governance | Knowledge Management | Information Security | Information Asset Management | Information Access and Use | Recordkeeping | Data Management |
|---|
Information Governance Policy Information Management Policy Information Management Standards | Information Management Strategy** Succession Planning/Workforce Plan** | Information Security Policy* Information Security Audit and Review Schedule** | Management Policy Information Asset Register Information Asset Custodian Policy | Privacy Policy* FOI Information Statement* Data Confidentiality Agreement** Data Sharing Agreements | Record Keeping Plan* Retention and Disposal Schedule* Digitisation Policy*
Digital Record Keeping (of source records) Policy** Recordkeeping for Social Media Policy** | Data Entry Standards Document Naming Convention |
Asterisks represent the suggested minimum requirements to meet the standards below. Those without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be determined by each local government based on its size
and specific business requirements.
* ICT Baseline standard
** Intermediate (Recommended) standard