Australian Government Architecture
Search

Type

Standard

Reference

. .

Applicable from

25 Jun 2024

Mandate

Endorsed

Status

Core

Responsible agency

Digital Transformation Agency

Information Asset Management Standard

Information is one of the most valuable assets the Australian Government holds, and it needs to be managed in a similar way to other high value assets. Commonwealth entities collect many types of information assets as they operate in their varied capacities.

Entities should adopt a strategic whole-of-organisation approach that outlines a clear vision, a plan for using digital information assets, and data and digital lifecycle investment to achieve their organisational objectives.

Information asset management solutions should ensure information assets remain genuine, accurate, complete, findable, useable, and secure from unauthorised access, alteration, and deletion while adhering to relevant legislation. Principles for well-managed information assets can be found in the National Archives of Australia's (NAA's) Information Management Standard for the Australian Government.

Entities should also adhere to ethical principles, with transparency, accountability, and consent at the forefront of data collection. Individuals or the community should be informed about what data is being collected, and for what purpose, and how it will be used. Additionally, entities may be required to gain explicit consent from individuals before collecting sensitive data.

Comply with legislation

  • The Archives Act 1983 (Cth)enables the NAA to determine record-keeping standards and provide related advice to Commonwealth entities, and imposes record keeping obligations in respect of Commonwealth records. Digital information assets used in government business are Commonwealth records to be managed in accordance with the Archives Act 1983 (Cth).

  • The Data Availability and Transparency (DAT) Act 2002 (Cth) is intended to improve public sector data accessibility, facilitate its consistent sharing with privacy safeguards, enhance integrity and transparency, instil confidence in its use, and establish institutional sharing arrangements.

  • The Freedom of Information Act 1982 (Cth) gives the Australian public the right to access documents held by Australian Government agencies and ministers, unless an exemption applies, as well as rights pertaining to documents under the FOI Act that contain information about an individual or their business.

  • The Privacy Act 1988 (Cth) is intended to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.

A number of principles, derived from the Privacy Act, should be considered key:

  • an entity may only collect personal information that is reasonably necessary for their work
  • an entity must ask for consent to collective sensitive information
  • content must be collected in a lawful and fair way

Beyond these key pieces of legislation, there are numerous others that may further apply depending on the operating context of an entity and a set of information. Each entity should review relevant federal, state, and local requirements to ensure full compliance.

The Office of the Australian Information Commissioner's (OAIC) Australian Privacy Principles provide further details on the collection of personal information.

Share and collaborate

Align to data ontologies

Classification creates a standardised approach or 'common language' for naming, organising, retrieving, and sharing content, linking it to a business context and decisions regarding disposal, retention, access, and security. This uniformity enhances accuracy and ease of retrieval and ensures consistency, supporting Freedom of Information and change management processes across agencies. Tools like business classification schemes, records classification tools, classification by function, functions thesaurus, and records authorities help develop an agency's classification scheme, promoting efficient business processes and ensuring information is both usable and accessible. More information about classification of information can be found at Classifying information | naa.gov.au.

Alignment with common whole-of-government (WofG), portfolio, or sector-specific data ontologies is a crucial part of effective information asset management. Alignment promotes data accuracy, reduces redundancy, and streamlines decision making processes.

Where possible, entities should align to the WofG data.gov.au dataset ontology. This ontology is designed to describe the characteristics of datasets published on data.gov.au. Entities may also consider other portfolio or sector-specific data ontologies.

Align to metadata standards

Alignment with common WofG metadata standards is also a crucial part of effective information asset management. Alignment facilitates interoperability and enhances information asset integration and sharing across entities. Comprehensive metadata must accompany public datasets, detaining information on data sources, methodologies, and any limitations to facilitate accurate interpretation and application.

To meet requirements of the Office of the National Data Commissioner (ONDC) to enable data sharing and the NAA’s requirements for effective management of information assets over time, entities should refer to:

Create Inventories and Catalogues

Data inventories, registers, or catalogues play a vital role in effective data management. The development of the Australian Government Data Catalogue by ONDC facilitates the discovery of Australian Government data. Mapping all data assets containing Indigenous data is also recommended for transparency and accessibility. The NAA recommends entities design and maintain an information asset register to enable entity-wide understanding of records, information, and data.

Implement appropriate information asset governance and risk frameworks

Information asset governance is a system for managing information assets across an entity. Entities should develop an ongoing information asset governance system, as well as appoint a chief information governance officer. The Foundational Four provides entities with guidance on establishing an ongoing data governance program.

Share as open by default

The Australian Government's public data policy resources require all Commonwealth entities to make non-sensitive data open by default. At a minimum, entities will publish appropriately anonymised government data by default:

  • on or linked through data.gov.au for discoverability and availability
  • in a machine-readable, spatially-enabled format
  • with high quality, easy to use and freely available API access (API content on the Australian Government Architecture provides information on how data should be shared securely) with descriptive metadata which adhere to the metadata standards
  • using agreed open standards
  • kept up to date in an automated way
  • under a Creative Commons By Attribution licence unless a clear case is made to the Department of the Prime Minister and Cabinet for another open licence.
Share with states and territories

In addition to the open by default requirements, the Intergovernmental Agreement on data sharing between Commonwealth and State and Territory governments (IGA) requires that public sector data be shared as a default position between states, territories and the Commonwealth where it can be done securely, safely, lawfully and ethically. Data shared under the IGA must be in accordance with established privacy and security standards and policies, including complaints handling processes.

Share on Dataplace

Dataplace is a WofG platform maintained by the ONDC on which to request Australian Government data, including under the DATA Scheme. The platform brings together those wanting to get access to Australian Government data (such as researchers and those working on public policy and delivering public services) with Commonwealth entities who are the data custodians.

Collaborate with the private and research sectors

Entities should explore opportunities to facilitate public-private partnerships, or public – research partnerships to jointly address challenges and opportunities, leveraging the expertise of both external sectors to derive innovative solutions that benefit the public. The private sector or researchers could be encouraged to develop applications, tools or insights that use public data, which fosters innovation.

Entities should also explore opportunities to provide training programs and capacity building initiatives to enhance the skills of private and research sector professionals in working with public data, fostering a more robust ecosystem.

Collaborate with Aboriginal and Torres Strait Islander people

Government-held data quality cannot be improved without embedding Indigenous leadership into its governance. Aboriginal and Torres Strait Islander leadership is crucial for improving the relevance, accessibility, interpretability, and timeliness of Indigenous data in the APS. Entities should partner with Aboriginal and Torres Strait Islander people at all stages of the data lifecycle to ensure their priorities are reflected in data about their communities.

The Framework for the Governance of Indigenous Data aims to improve the accessibility, relevance, interpretability, and timeliness of government held data for Aboriginal Torres Strait Islander people. Non-Corporate Commonwealth Entities are required to prepare implementation plans responding to the actions contained within the Framework and a timeframe for implementation.

Appropriately create, manage, retain, and dispose information assets

Each entity will have business systems that create, keep, and manage information assets, including data and datasets. Data and datasets retained in business systems, like other information created and received in connection with Australian government business, are Commonwealth records and must be managed in accordance with the Archives Act 1983.

The NAA’s current WofG policy Building Trust in the Public Record: Managing information and data for government and community outlines implementation actions to achieve the policy outcomes of strategic information asset governance, fit for purpose information management processes, practices, and systems, and the reduction of information management inefficiency and risk. 

Retain and Dispose

Transparent, responsible, and secure handling of information assets is essential. The NAA provides further guidance to entities on outsourcing digital storage options, including data centre, digital repository and cloud computing. A key policy to protecting Australian Government systems and the data they hold is the Hosting Certification Framework. It operationalises the principles outlined in the Whole-of-Government Hosting Strategy, in particular the requirement that all data must be hosted with the appropriate level of privacy, sovereignty, and security controls.

Entities must manage information assets in accordance with their minimum retention period. These periods are usually set by the NAA though legal instruments known as records authorities. Disposal may involve arranging secure destruction of the information assets (including data and datasets) or, where applicable, transferring custody or ownership of the information assets to another entity through machinery of government changes. 

The most valuable information assets, including datasets, should be identified as ‘retain as national archives’ in relevant records authorities. These should be transferred into the care of the NAA. In some instances, particularly for large datasets with continuing business use, the NAA may enter an agreed distributed custody arrangement, where an entity will continue to manage the dataset that has been identified as part of the archival resources of the Australian Government. 

Specify and maintain stringent information asset control conditions

Most Commonwealth entities are subject to mandatory requirements detailed in the Australian Government Protective Security Policy Framework.

There are three core protective security policies that together safeguard government information assets from unauthorised access or harm:

  • Personnel security – ensuring that access to information is provided on a strict need to know basis only to people who have been assessed as suitable.
  • Physical security – preventing unauthorised access or harm to government resources, including information assets, through physical control measures such as entry barriers and security systems.
  • Information and communication technology security – having in place operational procedures and technical control measures to manage access, transmission, storage, and disposal of information.
Plan for digital preservation

Ensure that consideration is given to retention periods that may be longer than the life of the system they are captured in. Preserving information assets may require migration to new platforms and formats. Regular and planned migration helps avoid obsolescence and ensures information continues to be accessible and usable. The NAA provides further information about digital preservation planning.

Align operational and technological needs

When adopting an information asset management solution, entities should ensure alignment with operational needs. It is important that the solution has sufficient functionality to manage information assets appropriately. 

The NAA’s Business System Assessment Framework provides Commonwealth entities with a consistent, streamlined, and risk-based approach to the assessment of information management functionality in business systems and compliance with metadata standards. It is consistent with Part 1 of International standard ISO16175, which provides internationally agreed functional requirements and associated guidance for applications that manage digital records.

Information asset management requirements should be considered for office productivity software such as Microsoft 365 as well as for current, emerging and critical technologies

Ensure that data is easy to exchange and share for business efficiency and accountability

Data interoperability enables the exchanging of data between different systems and organisations. The Data Interoperability Maturity Model (DIMM) provides a way to assess an entity’s progress towards data interoperability.

The decision between certain technological solutions (e.g. a SQL database, data lake, data warehouse, etc.) may be significant, especially when handling larger pools of complex data. When choosing how to house their data, entities should consider:

  • the format of the data (structured vs unstructured vs semi-structured)
  • the value and purpose of the data
  • data processing requirements
  • data storage and budget constraints
  • who is using the data
  • technology and data ecosystems.

More information on data interoperability can be found in the Integration Domain.

Adhere to reuse principles

Before an entity procures a system or reviews existing systems, it should consider its use case-specific information asset requirements, including volume and nature of data, information and records, broader system purpose, performance matters, and privacy/sensitivity concerns. 

Depending on needs, entities should consider platforms that implement mechanisms for both real-time and batch data integration, allowing the platform to accommodate different data collection frequencies based on the nature of the information. The entity should enforce stringent data quality checks during the collection process to identify and rectify inaccuracies or inconsistencies at the source. Finally, standardised data formats and protocols should be used to facilitate seamless integration and ensure uniformity in the collected data.

Reuse content on the Australian Government Architecture provides information for entities on reuse.

Engage early

Ensure early engagement with the DTA where proposals for information asset management systems either identify that the development of the system(s) will be part of future budget rounds or indicate in their proposal the intention to undertake an investigation which may require an asset management system in the future.

It is important in this early stage that the information asset management functionality requirements are understood. These should be sourced from a collaboration between information, records and data teams and ICT areas. The NAA, through its Agency Service Centre, may also be of assistance.

Capabilities

This standard supports digital solutions in the following capability.
CAP4

Information Asset Management

Policies

This standard assists in meeting the requirements of the following policies.
POL37

Information Asset Management policy (Position)

Designs

The following designs show how to achieve the intent of this standard.

Dataplace

DES24
Dataplace is the digital platform to find and request Australian Government data. The platform brings together those wanting to get access to data (such as researchers and those working on public policy and delivering public services) with Australian Government agencies who are the data custodians…

NationalMap

DES9
NationalMap, together with data.gov.au, is an essential mechanism in the implementation of Australian Government's Open Data Policy, for open data publication, discovery and consumption by government, industry, research, community organisations and the general public. NationalMap is an…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.