Records, information and data risks (information risks) can occur at any stage. These risks are a combination of threats and vulnerabilities that may have a negative or positive impact on the trustworthiness and availability of records, information and data. Understanding risk is therefore critical in managing core records, information and data.
Information is an essential and valuable asset to government business.
Information Management (IM) is the ‘planning, collection, control, distribution and exploitation of information resources within an organisation, including systems development, and disposal or long-term preservation’ (AS ISO 5127:2017, section 18.104.22.168).
It involves planning, designing, and implementing effective processes, governance, and infrastructure to manage information throughout its lifecycle (creation, management, use/re-use, destruction or preservation).
NSW State Archives and Records recognises the challenges of managing vast quantities of records, information and data in the current environment of increased cyber risks and an ever-changing technology landscape.
The minimum compliance requirements 2.2 and 2.3 of the Standard on Records Management direct public offices to strategically focus on high-value and high-risk areas of business. These requirements ensure that:
- records, information and data required as State archives and/or of high-value and high-risk are prioritised, protected and managed
- records and information management is a designed component of the most valuable and critical information and systems
- records and information management strategies and initiatives align with the organisation’s critical business priorities
- resources (time, money and staff) invested/allocated are proportionate to the business value of the records, information and data.
This approach to identifying and prioritising records of high-value and high-risk also matches up with the approaches taken by cyber security to protect the most critical information assets of the organisation.
Knowing your business and your business information needs, planning any integrations with current business systems well, planning for the stability and longevity of your core business information, being aware of the information-related impacts of system change, planning and managing change, deploying metadata requirements strategically, and assessing your need for system documentation requirements will help determine information management requirements when developing new corporate systems.
The relam of digital information management is ever evolving, where formats and systems can become swiftly outdated. It can equate to varying information issues relating to accessibility, authenticity, accuracy, and efficiency.
The following advice highlights some of the common issues in which your organisation may encounter with suggested solutions/strategies to mitigate these challenges.
High risk business areas in each organisation should be priorities for information management activity, in order to identify and mitigate any information-related risks these business areas might face.
This page defines common and specific information risks, articulates strategies for identifying areas of business which face information risk and provides mitigation strategies and case studies for dealing with information risk.
The ad hoc and unregulated deletion of information and the unwarranted over-retention of information can both affect business performance. Therefore, decisions about how long to keep information are important.
Information retention and disposal rules must be deployed 'by design'.
This page provides an overview of the Information Management Framework.