Definition
Information asset management refers to the processes and procedures used to create and manage information assets to effectively deliver information, insights, and services to the public at the right time in the right format. Information assets need to be efficiently managed from creation and should be appropriately destroyed once their value has ceased.
Information assets include data, information, and records. These terms are sometimes used interchangeably, and their meaning can be context specific. Within the context of this AGA capability, the following definitions have been used:
- Data: raw letters, numbers, pictures, etc. with or without context.
- Information: data that has meaning/context and adds value for the user.
- Records: information created, received, and maintained as evidence and as an asset, by an entity, as part of business processes.1
In the Australian Government context, any information asset created or maintained by a Commonwealth entity is a record under Section 3 of the Archives Act 1983 (Cth). The Act defines a record as any form of documented information kept because of the information that can be derived from it or its connection with an event, person, circumstance, or thing. Digital information assets may be created2:
- by office applications such as word-processed documents, spreadsheets, presentations, and desktop-published documents
- in online and web-based environments such as intranets, internets, and public websites
- by business information systems such as databases, digital/media asset management systems, geospatial data systems, human resources systems, financial systems, workflow systems, client management systems, and electronic document and records management systems (EDRMS)
- by digital communication systems such as email, SMS (short messaging services), MMS (multimedia messaging services), voicemail, instant messaging, video conferencing and teleconferencing.
For security of information assets and their infrastructure, see the Information Asset Security capability.
1 Based on the definition of a record in AS ISO 15489 – 1: Information and documentation – Records management, Part 1: Concepts and principles.
2 Types of information | naa.gov.au.
Purpose
Information asset management is a fundamental enabling capability for almost all ICT investments, and is an area heavily tied to legislation due to the potential sensitivity of information retained by Commonwealth entities.
Effective digital information asset management is realised through:
- appropriate creation, description, maintenance, use, preservation, secure storage and disposal of digital data, information, and records
- compliance with regulatory requirements
- consistent application of standards, policies, and procedures across entities
- successful deployment and sustainable scaling of existing and new ICT solutions, supporting digital information assets to serve as strategic assets rather than liabilities.
Objective
The objectives of this content are to:
- align and strengthen best practices of information asset management, to contribute to the Australian Government’s data and digital agenda
- ensure that information assets are available as a resource for use and re-use by government and community to achieve government outcomes, drive innovation, increase economic productivity, and enhance social and cultural outcomes
- ensure that new information asset management digital and ICT solutions draw efficiency from preceding investments, implementations, and learnings
- foster consistency across entities in technologies, data, and workflow.
Whole-of-government applicability
On 22 November 2023, the Australian Government released the 2023-2030 Australian Cyber Security Strategy, a roadmap that will help realise the Australian Government’s vision of becoming a world leader in cyber security by 2030. The capability of information asset management supports its agenda through:
- ensuring that privacy considerations are incorporated into the design, development, and deployment of applications across the Australian Public Service
- preventing vulnerabilities, reducing the risk of security breaches, and protecting sensitive data and systems.
The Data and Digital Government Strategy (DDGS) sets a vision for 2030 to deliver simple, secure and connected public services for all people and business, through world class data and digital capabilities.
Maturity in the capability of information asset management will be of critical importance to the DDGS missions:
- Trusted and secure: The Australian Government commits to improving and maintaining trust in its use of data and digital technologies including through adopting robust and appropriate privacy and security settings to keep peoples’ information safe.
- Simple and seamless services: The Australian Government commits to ensuring technology is scalable, secure, resilient and interoperable, with new systems and infrastructure that supports data access and discoverability.
Policy Elements
-
Appropriately create, manage, retain, and dispose information assets
Implement appropriate creation, management, retention, archiving, and destruction practices. Ensure information assets are created and managed according to their value by way of transparent, responsible, and secure handling of information assets. Stringent data ownership and control conditions should be specified and maintained; and appropriate digital preservation planning undertaken.
-
Share and collaborate
Prioritise the transparent and collaborative governance of information assets. Align with common data ontologies, release non-sensitive data openly, optimise public data use. Share data with states and territories, partner with the research sector and Aboriginal and Torres Strait Islander people and implement robust data governance and risk frameworks for responsible information asset management.
-
Adhere to reuse principles
Analyse the current information asset management technology environment against business requirements, identifying gaps and opportunities for reuse. Ensure the ongoing viability of information asset solutions through continual improvement of processes, and features, data, security, technology, skills, and cost.
-
Comply with legislation
Establish robust practices that align with all relevant legislation, including (but not limited to) the Data Availability and Transparency (DAT) Act 2022 (Cth), the Archives Act 1983 (Cth), and the Privacy Act 1988 (Cth).