Information is one of the most valuable assets the Australian Government holds and should be managed in a similar way to other high value assets.
Entities should adopt a strategic approach to managing information related to their data and digital investments. If the information assets are proactively managed across the whole investment lifecycle, this will help organisations to more effectively achieve their organisational objectives.
Information asset management solutions should ensure information assets remain genuine, accurate, complete, findable, useable and secure from unauthorised access, alteration and deletion while adhering to relevant legislation. Principles for well-managed information assets can be found in the National Archives of Australia’s (NAA’s) Information management standard for the Australian Government.
Entities should also adhere to ethical principles, with transparency, accountability and consent at the forefront of data collection. Individuals or the community should be informed about what data is being collected and for what purpose, and how it will be used. Additionally, entities may be required to gain explicit consent from individuals before collecting sensitive data.
Applicability of this standard
These statements detail how entities can meet this standard and comply with the Information asset management policy.
Share and collaborate
Align to data ontologies
Where possible, entities should align to the WofG data.gov.au dataset ontology. This ontology is designed to describe the characteristics of datasets published on data.gov.au. Entities may also consider other portfolio or sector-specific data ontologies. This promotes data accuracy, reduces redundancy and streamlines decision making processes.
Classification creates a standardised approach or ‘common language’ for naming, organising, retrieving and sharing content. This helps link content to a business context and informs decisions regarding disposal, retention, access and security. This uniformity enhances accuracy and ease of retrieval and ensures consistency, supporting freedom of information and change management processes across agencies.
Tools like business classification schemes, records classification tools, classification by function, functions thesaurus, and records authorities help develop an agency’s classification
Align to metadata standards
To meet requirements of the Office of the National Data Commissioner (ONDC) to enable data sharing and the NAA’s requirements for effective management of information assets over time, entities should refer to the:
- Australian Government recordkeeping metadata standard – designed to help entities meet business, accountability and archival requirements in a systematic and consistent way by maintaining reliable, meaningful and accessible records
- ONDC metadata attributes guide – developed to aid entities that are considering data inventory uplift work.
Alignment with common WofG metadata standards is a crucial part of effective information asset management. Alignment facilitates interoperability and enhances information asset integration and sharing across entities. Comprehensive metadata must accompany public datasets, retaining information on data sources, methodologies and any limitations to facilitate accurate interpretation and application.
Create inventories and catalogues
The NAA recommends entities design and maintain an information asset register to enable entity-wide understanding of records, information and data.
The Australian Government data catalogue, hosted on Dataplace, is a searchable online index developed by the ONDC to help users discover, request and access data held by Australian Government agencies. The catalogue draws on open and restricted data to facilitate the use of public sector data for innovation, research and improved government services. The catalogue contains metadata but does not host the actual data; rather, it directs users to the relevant data custodians for access.
Implement appropriate information asset governance and risk frameworks
Information asset governance is a system for managing information assets across an entity. Entities should develop an ongoing information asset governance system, as well as appoint a chief information governance officer. The Foundational Four provides entities with guidance on establishing an ongoing data governance program.
Share as open by default
The Australian Government’s public data policy resources require all Commonwealth entities to make non-sensitive data open by default. At a minimum, entities will publish appropriately anonymised government data by default:
- on or linked through data.gov.au for discoverability and availability
- in a machine-readable, spatially enabled format
- with high quality, easy to use and freely available API access (API content on the Australian Government Architecture provides information on how data should be shared securely)
- with descriptive metadata which adhere to the metadata standards
- using agreed open standards
- kept up to date in an automated way
- under a Creative Commons by attribution licence unless a clear case is made to the Department of the Prime Minister and Cabinet for another open licence.
Share with states and territories
In addition to the open by default requirements, the Intergovernmental Agreement on data sharing between Commonwealth and State and Territory governments (IGA) requires that public sector data be shared as a default position between states, territories and the Commonwealth where it can be done securely, safely, lawfully and ethically. Data shared under the IGA must be in accordance with established privacy and security standards and policies, including complaints handling processes.
Share on Dataplace
Dataplace is a WofG platform maintained by the ONDC on which to request Australian Government data, including under the DATA Scheme. The platform brings together those wanting to get access to Australian Government data (such as researchers and those working on public policy and delivering public services) with Commonwealth entities who are the data custodians.
Collaborate with the private and research sectors
Entities should explore opportunities to facilitate public-private partnerships and public research partnerships to jointly address challenges and opportunities, leveraging the expertise of both external sectors to derive innovative solutions that benefit the public. The private sector and researchers could be encouraged to develop applications, tools or insights that use public data, which fosters innovation.
Entities should also explore opportunities to provide training programs and capacity building initiatives to enhance the skills of private and research sector professionals working with public data, fostering a more robust ecosystem.
Collaborate with Aboriginal and Torres Strait Islander people
Entities should partner with Aboriginal and Torres Strait Islander people at all stages of the data lifecycle to ensure their priorities are reflected in data about their communities. Aboriginal and Torres Strait Islander leadership is crucial for improving the relevance, accessibility, interpretability and timeliness of Indigenous data in the APS.
The Framework for the Governance of Indigenous Data aims to improve the accessibility, relevance, interpretability and timeliness of government held data for Aboriginal and Torres Strait Islander people. Non-corporate Commonwealth entities are required to prepare implementation plans responding to the actions contained within the framework together with a timeframe for implementation.
Appropriately create, manage, retain and dispose of information assets
Each entity will have business systems that create, keep and manage information assets, including data and datasets. Data and datasets retained in business systems, like other information created and received in connection with Australian government business, are Commonwealth records and must be managed in accordance with the Archives Act 1983.
The NAA’s current WofG policy Building Trust in the Public Record: Managing information and data for government and community outlines implementation actions to achieve the policy outcomes of strategic information asset governance, fit for purpose information management processes, practices and systems, and the reduction of information management inefficiency and risk.
Retain and dispose
Entities must manage information assets in accordance with their minimum retention period. These periods are usually set by the NAA through legal instruments known as records authorities. Disposal may involve arranging secure destruction of the information assets (including data and datasets) or, where applicable, transferring custody or ownership of the information assets to another entity through machinery of government changes. More information can be found in Retaining, managing and disposing of data and datasets.
Transparent, responsible and secure handling of information assets is essential. The NAA provides further guidance to entities on outsourcing digital storage options, including data centre, digital repository and cloud computing. A key policy for protecting Australian Government systems and the data they hold is the Hosting Certification Framework. It operationalises the principles outlined in the Whole-of-Government Hosting Strategy, in particular the requirement that all data must be hosted with the appropriate level of privacy, sovereignty and security controls.
Datasets of enduring value should be labelled ‘Retain as National Archives’ (RNA) in relevant records authorities. These are typically of permanent value, meaning they have historical, cultural or evidential importance and must be preserved. These should be transferred into the care of the NAA. In some instances, particularly for large datasets with continuing business use, the NAA may enter an agreed distributed custody arrangement, where an entity will continue to manage the dataset that has been identified as part of the archival resources of the Australian Government.
Specify and maintain stringent information asset control conditions
Most Commonwealth entities are subject to mandatory requirements detailed in the Australian Government Protective Security Policy Framework.
There are three core protective security policies that together safeguard government information assets from unauthorised access or harm:
- Personnel security – ensuring that access to information is provided on a strict need to know basis only to people who have been assessed as suitable.
- Physical security – preventing unauthorised access or harm to government resources, including information assets, through physical control measures such as entry barriers and security systems.
- Information and communication technology security – having in place operational procedures and technical control measures to manage access, transmission, storage and disposal of information.
Plan for digital preservation
Ensure that consideration is given to retention periods that may be longer than the life of the system that data are captured in. Preserving information assets may require migration to new platforms and formats. Regular and planned migration helps avoid obsolescence and ensures information continues to be accessible and usable. The NAA provides further information about digital preservation planning.
Align operational and technological needs
When adopting an information asset management solution, entities should ensure alignment with operational needs. It is important that the solution has sufficient functionality to manage information assets appropriately.
The NAA’s Business System Assessment Framework provides Commonwealth entities with a consistent, streamlined, risk-based approach to the assessment of information management functionality in business systems and compliance with metadata standards. It is consistent with Part 1 of International Standard ISO 16175, which provides internationally agreed functional requirements and associated guidance for applications that manage digital records.
Information asset management requirements should be considered for office productivity software such as Microsoft 365 as well as for current, emerging and critical technologies.
Ensure that data is easy to exchange and share for business efficiency and accountability
Data interoperability enables the exchanging of data between different systems and organisations. The Data Interoperability Maturity Model (DIMM) provides a way to assess an entity’s progress towards data interoperability.
The decision between certain technological solutions (e.g. a SQL database, data lake, data warehouse, etc.) may be significant, especially when handling larger pools of complex data. When choosing how to house their data, entities should consider:
- the format of the data (structured, unstructured or semi-structured)
- the value and purpose of the data
- data processing requirements
- data storage and budget constraints
- who is using the data
- technology and data ecosystems.
More information on data interoperability can be found in the Integration domain.
Engage early
Entities must ensure early engagement with the DTA where proposals for information asset management systems either:
- identify that system development will be part of future budget rounds
- indicate the intention to undertake an investigation which may require an asset management system in the future.
These should be sourced from a collaboration between information, records and data teams and ICT areas. The NAA, through its Agency Service Centre, may also be of assistance.
Adhere to reuse principles
Entities must adhere to the reuse principles.
Before an entity procures a system or reviews existing systems, it should consider its use-case-specific information asset requirements, including volume and nature of data, information and records, broader system purpose, performance matters, and privacy/sensitivity concerns.
Depending on needs, entities should consider platforms that implement mechanisms for both real-time and batch data integration, allowing the platform to accommodate different data collection frequencies based on the nature of the information. The entity should enforce stringent data quality checks during the collection process to identify and rectify inaccuracies or inconsistencies at the source. Finally, standardised data formats and protocols should be used to facilitate seamless integration and ensure uniformity in the collected data.
The Australian Government Architecture provides information for entities on reuse.
Comply with legislation
Entities must comply with the following regulations:
- The Archives Act 1983 (Cth) enables the NAA to determine record-keeping standards and provide related advice to Commonwealth entities, and imposes record-keeping obligations in respect of Commonwealth records. Digital information assets used in government business are Commonwealth records to be managed in accordance with the Archives Act 1983 (Cth).
- The Data Availability and Transparency (DAT) Act 2022 (Cth) is intended to improve public sector data accessibility, facilitate its consistent sharing with privacy safeguards, enhance integrity and transparency, instil confidence in its use, and establish institutional sharing arrangements.
- The Freedom of Information Act 1982 (Cth) gives the Australian public the right to access documents held by Australian Government agencies and ministers, unless an exemption applies, as well as rights pertaining to documents under the FOI Act that contain information about an individual or their business.
- The Privacy Act 1988 (Cth) is intended to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
There are other key pieces of legislation that may also apply depending on the operating context of an entity and information set. Each entity should review relevant federal, state, and local requirements to ensure full compliance.