ICT Strategic Framework

Information is a strategic resource that underpins the key functions and decision making processes of a local government.

The way information is managed, including the technology used to support it, is therefore central to local government business practices. Alongside its physical, human and financial resources, a local government must manage its information in a way that enables services to be delivered that best meet community needs and the priorities set by council.

Integrated Planning and Reporting (IPR) Framework

The Integrated Planning and Reporting (IPR) Framework and Guidelines sets out how local governments should plan for their future through the development of Strategic Community Plans and Corporate Business Plans. The resources needed to implement these plans are identified and managed through asset management plans, workforce plans and long-term financial plans.

In a similar way, information and information technology resources can be planned for and managed so that they support the strategic objectives and priorities of the local government, as well as ensuring the business continuity of its day-to-day operations. ICT is also an important foundation for the other resourcing plans.

ICT Strategic Framework

The ICT Strategic Framework sets out the key components that need to be considered in managing a local government's information resources. It represents the key elements, and their relationships, that might be expected in an 'ideal' environment. In reality, the extent to which it is applicable will obviously depend on the size and complexity of the local government. It recognises that there will be differing capacity with the local government sector to implement ICT and to manage it in line with the IPR Framework.

The ICT Framework is not a compliance requirement. It is a resource that local governments can use to plan for, manage and review their information and technology assets.

Related resources

Background

Information is a strategic resource that underpins the key functions and decision making processes of a local government. The way information is managed, including the technology used to support it, is therefore central to local government's business practices. Alongside its physical, human and financial resources, a local government must manage its information resource in a way that enables services to be delivered that best meet community needs and the priorities set by Council.

The Integrated Planning and Reporting Framework (IPR) sets out how local governments should plan for their future through the development of Strategic Community Plans and Corporate Business Plans.

The resources needed to implement these plans are identified and managed through asset management plans, workforce plans and long-term financial plans. In a similar way, information and information technology resources can be planned for and managed so that they support the strategic objectives and priorities of the organisation, as well as ensuring the business continuity of its day-to-day operations.

Information and Communications Technology is also an important foundation for the other resourcing plans.

The ICT Strategic Framework sets out the key components that need to be considered in managing an organisation's information resources. It represents the key elements, and their relationships, that might be expected in an "ideal" environment. In reality, the extent to which it is applicable will obviously depend on the size and complexity of the individual local government. It recognises that there will be differing capacity within the local government sector to implement ICT and to manage it in line with the IPR Framework.

The Framework is not a compliance requirement. It is a resource that local governments can use to plan for, manage and review their information and technology assets. It will be accompanied by a number of templates, guides and supporting documents that are designed to assist these processes.

What is ICT?

Information and Communications Technology or ICT refers to technology that will store, retrieve, manipulate, transmit or receive information electronically or in a digital form. It includes hardware, communications devices or applications, including computer hardware, software, network infrastructure, video conferencing, telephone and mobile phones.

Adequate and appropriate ICT underpins all aspects of a local government's work. It is integral to the delivery of local government services: from the provision of information and advice, to providing better analysis of environmental, demographic and social change for better land use management and planning. ICT also supports local government back office operations, providing data storage, information management, email and mobile communications. The rapid adoption of mobile, on-demand, and social media technologies has changed expectations of service delivery. These developments offer an opportunity for local government to provide services in new ways, and to interact through new modes. Mobile, internet and cloud technologies provide further opportunities for innovation and efficiencies in service delivery.

What is the ICT Strategic Framework?

The ICT Strategic Framework provides a high level framework for the effective management of information and technology to ensure ICT systems are controlled and maintained in line with corporate objectives and emerging trends.

The ICT Strategic Framework will be accompanied by supporting documents and tools such as the ICT Maturity Model, templates and example documents, policies and strategic plans, which are key resources for effective implementation of the framework.

Purpose of the ICT Strategic Framework

The ICT Strategic Framework has been developed as a tool to:

  • assist Chief Executive Officers, executive team and elected members to better understand the complexity of managing information and technology within local government.
  • encourage local governments to improve their ICT capability.
  • enable each local government to operate at or above the ICT Baseline Standard.
  • ensure ICT is adequately managed to support all aspects of local government operations, and
  • support all related elements of the Integrated Planning and Reporting Framework.

Implementation of the ICT Strategic Framework is integral to achieving the outcomes of the Integrated Planning and Reporting Framework. The ICT Strategic Framework establishes an ICT Baseline which identifies the minimum requirements for the effective provision of information management and information technology services to effectively support local government operations. Understanding the complexity of information and technology management within local government is the first step in applying the necessary measures to ensure that the baseline ICT standards are being met.

Who is involved?

The ICT Strategic Framework is targeted at local government staff responsible for managing Information Technology and Information Services (Records), and/or delivering ICT services. The ICT Strategic Framework has also been designed as a tool for local government Chief Executive Officers, executive teams and elected members to understand the complexity of managing information and technology within local government.

About the Framework

The ICT Strategic Framework is made up of eight elements:

  1. governance
  2. emerging trends and technologies
  3. business systems and applications
  4. infrastructure and technology
  5. IT business continuity
  6. security
  7. project management
  8. information management

These elements should all be considered in managing information, systems, networks and infrastructure to ensure that ICT systems are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.

The first seven elements and their relationships comprise an Information Technology Framework. The eighth element consists of important subsets and has been developed as a separate but related Information Management Framework. Both frameworks are underpinned by Supporting Documentation (see section 4.5 onwards 'Information Technology Framework Supporting Documentation'). This includes the policies, plans, strategies and registers required as baseline to enable effective implementation of the framework.

The frameworks should be used in conjunction with the ICT Maturity Model to assess the capability of the local government in relation to its size and functions, and to develop appropriate action plans in response.

Information technology framework

The Information Technology Framework provides a high level framework for the effective management of IT within local government. The framework identifies the elements of IT that should be considered as a minimum baseline, in managing systems, networks, devices and data, to ensure that they are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.

What is the structure of the IT Framework?

The IT Framework represents the discipline of IT management as comprising seven key elements. The framework has been designed with four pillars reflecting the four main IT disciplines, with Governance overarching all aspects of IT at the top of the framework, and robust project management underpinning the framework. The positioning of Emerging Technologies and Trends over the four pillars of IT recognises the role that disruptive technologies has on the delivery of IT services.

The key elements of the IT Framework are:

  1. Governance — the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.
  2. Emerging Trends and Technologies — the emerging trends and technologies providing challenges and opportunities for local government in managing ICT systems and resources, and delivery of future ICT services.
  3. Business Systems and Applications — the software systems and applications used by a local government.
  4. Infrastructure and Technology — the hardware and network infrastructure used to deliver local government ICT services.
  5. IT Business Continuity — the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.
  6. Security — protecting information and systems from unauthorised access, use, modification, disclosure or destruction.
  7. Project Management — the discipline of planning, organising, controlling, and managing resources to achieve specific goals.

The key elements are each made up of a number of lower level elements. Together, these elements describe the discipline of managing each of the key elements identified within the framework. It is important to note that all elements of the framework are interrelated and consideration should be given to how the elements interrelate when using and implementing the framework.

Information Technology Framework

Governance

  • ICT Strategy and Planning
  • Risk Management
  • ICT Procurement
  • Policy, Process and Procedures
  • Performance Measurement
  • ICT Resource Management
  • Monitoring and Compliance
  • ICT Sourcing Models

Emerging Trends and Technologies

  • Social Media
  • Smart Phones and Devices
  • Bring-Your-Own-Device (BYOD)
  • Cloud Computing
  • Online Services
  • Open Data

Business Systems and Applications

  • Software Acquisition
  • Software Design and Development
  • Software Maintenance and Management
  • Business Process Analysis
  • Integration
  • Software Scoping and Requirements Definition
  • Testing and Implementation
  • Change Management
  • Version Control

Infrastructure and Technology

  • Infrastructure and Architecture
  • Virtualisation
  • Capacity Management
  • Communications and Network Management
  • Data Storage
  • IT Asset Management
  • Systems Acquisition
  • Systems Design and Development

IT Business Continuity

  • Disaster Recovery
  • Contingency Planning
  • Backups
  • Replication
  • Redundancy
  • Data Recovery
  • Emergency Response

Security

  • Access Management
  • Authentication
  • Audit
  • Remote Access
  • Incident Management, Reporting and Response
  • Physical and Environmental Security
  • Network and Communications Security

Project Management

  • Initiation
  • Planning
  • Execution
  • Reporting
  • Monitoring and Controlling
  • Closing

Defining key elements of the ICT Framework

A definition of the terms used to describe the key elements of the IT Framework is provided in the following schedule.

Governance

Governance describes the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.

Governance Definitions

ElementDefinition
ICT Strategy and Planning

ICT Strategy and Planning involves:

Conducting ICT strategic planning

Developing systems and delivering ICT services in line with an approved ICT Strategic Plan

Alignment of the ICT Strategic Plan with the Local Government Strategic and Community Plans

Involving IT in corporate planning.

Risk ManagementRisk Management is the identification, assessment, and prioritisation of risks followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events.1
ICT ProcurementICT Procurement involves the acquisition of ICT goods and services.
Policy, Processes and ProceduresPolicy, Process and Procedures means having documented and approved ICT policies, processes and procedures in place that staff are aware of, have access to and are actively using.
Performance MeasurementPerformance Measurement is the process for measuring and reporting performance of ICT services, often measured through tools such as Key Performance Indicators (KPIs) or service level agreements.
Performance ManagementPerformance Management is the activities which ensure that goals are consistently being met in an effective and efficient manner.2
Monitoring and ComplianceMonitoring and Compliance are the measures and controls in place to monitor compliance of ICT controls, guidelines and procedures. This includes audit logging of systems, identification of anomalies and incident handling provisions.
ICT Resource ManagementICT Resource Management is the efficient and effective use of ICT resources (information, systems, networks, infrastructure, devices and people) to deliver ICT services.
ICT Sourcing ModelsICT Sourcing Models are alternative ways of delivering ICT services. Alternate ICT sourcing models include managed solutions delivered by a service provider, systems hosting by another local government and cloud computing.

1. 'Risk Management', Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. p. 46.
2. 'Performance Management', Wikipedia, taken at 14/9/2012

Emerging trends and technologies

Emerging Trends and Technologies provide challenges and opportunities for local government in managing ICT systems and resources, and the delivery of future ICT services.

Emerging Trends Definitions

ElementDefinition
Social MediaSocial Media is an online media platform that allows users to generate and share content over the internet using technologies that promote engagement, sharing and collaboration.
Smart Phones and DevicesSmart Phones and Devices are electronic computing devices that are cordless, mobile and connected to the internet and include smart phones and tablet devices.
Cloud ComputingCloud Computing is an IT delivery model that allows software, servers and storage to be provided over a network or the internet on a pay-as-you-use basis.
Bring Your Own Device (BYOD)Bring-Your-Own-Device is a hardware strategy that allows staff to use their own personal computing device for work purposes, such as smart phones and devices.
Online ServicesOnline Services is the delivery of local government services over the internet, such as online lodgement of customer service requests, building and development applications, payment of rates, licences and infringements.
Online ApplicationsMobile Applications refers to the development and use of mobile applications to allow local government information and services to be accessed using a smart phone or smart device.
Open DataOpen Data is the concept that government data should be freely available to everyone to use as they wish, typically over the internet and/or using a smart phone or device.

Business systems and applications

Business Systems and Applications refers to all the software systems and applications used by a local government. 

Business systems and applications definitions

ElementDefinition
Software acquisitionSoftware Acquisition is the process of purchasing software, including software evaluation and defining user requirements.
Software Design and DevelopmentSoftware Design and Development is the process of designing and developing software and applications.
Software Maintenance and ManagementSoftware Maintenance and Management is the process of maintaining, upgrading, supporting and managing software systems and applications.
Business Process AnalysisBusiness Process Analysis refers to the process of analysing and documenting the business processes of a local government.
IntegrationIntegration of software systems and applications to enable sharing of data between systems.
Requirements Definition

Requirements Definition is the process of identifying and documenting what the business needs are when acquiring or developing new software systems or modifications to existing systems.

The requirements should be documented, actionable, measurable and testable, and related to identified business needs and defined to a level of detail sufficient for system design.

Software ScopingSoftware Scoping is the process of defining the purpose, functions and features of a software system.
TestingTesting is the process of adequately testing software systems or upgrades prior to implementation, including test implementation and user acceptance testing.
ImplementationImplementation describes the processes involved in getting new software operating properly in its environment, including installation, configuration, running, testing, training and managing change.3

3 'Implementation', TechTarget, accessed 21/9/2012

Infrastructure and technology

Infrastructure and Technology refers to the hardware and network infrastructure used to deliver local government ICT services.

Infrastructure and technology definitions  

ElementDefinition
InfrastructureInfrastructure refers to the physical IT hardware such as servers, network equipment, communications devices.
ArchitectureArchitecture refers to the design of the infrastructure environment used to interconnect computers and users, including server room and network design.
VirtualisationVirtualisation is the process of creating virtual (rather than actual) hardware platforms (server or desktop environment), operating systems, storage devices, or network resources.4
Capacity ManagementCapacity Management is the process of managing IT resources to ensure resources such as disk space, memory and processing capability meets current and future business requirements in a cost-effective manner.5
Communications and Network ManagementCommunications and Network Management are the activities involved in managing a local government's local and wide area network, including data, voice and internet communications.
Data StorageData Storage means disk or network storage space, memory or media required to store digital data.
IT Asset ManagementIT Asset Management is the practice of effectively managing the life cycle of software and hardware assets, including acquisition, implementation, maintenance, utilisation, and disposal to support strategic IT decision making.6
Systems AquisitionSystems Acquisition is the process of purchasing systems hardware and network equipment, including defining business requirements and system evaluation.
Systems Design and DevelopmentSystems Design and Development is the process of designing and developing hardware platforms, networks and infrastructure architecture.

4. 'Virtualisation', Wikipedia, accessed 21/09/12
5. 'Capacity Management', Wikipedia, accessed 21/9/12
6. 'IT Asset Management', adapted from Software Asset Management definition, Wikipedia Management, accessed 21/9/2012

The IT business community

IT business continuity describes the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.

IT business community definitions

ElementDefinition
Disaster RecoveryDisaster recovery involves all activities required to restore a system, service or data to its state prior to a disaster, or the closest achievable state depending on the success of the disaster recovery operation.
Contingency PlanningContingency planning refers to planning for alternative business outcomes to mitigate against risk.
BackupsBackups is the process of backing up data and systems and storing them offsite to ensure that data and systems can be recovered as required.
ReplicationReplication involves replicating data and systems to a secondary site to provide resiliency and business continuity in case of an unplanned event or disaster.
RedundancyRedundancy of systems, networks and communications links to mitigate risk and provide resiliency and business continuity.
Data RecoveryData recovery is the process involved in restoring data following an unplanned event or disaster.

Security

Security means protecting information and systems from unauthorised access, use, modification, disclosure or destruction.

Security definitions 

ElementDefinition
Access ManagementAccess management involves the management of user access to systems, including assigning and revoking privileges and permissions, authentication and authorisation procedures.
AuthenticationAuthentication is the process by which users are identified on a system or network.
AuditAudit refers to the examination of the management controls within IT infrastructure, to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the local governments goals or objectives. An IT audit may be performed in conjunction with a financial statement audit, internal audit, security incident or breach.7
Remote AccessRemote access is the provision of access to a local government's information systems to staff working outside of the main administration centre or wide area network. This can include from the works depot, museum, recreation centre, or staff working from home. Remote access is typically provided over the internet and secured by technologies such as a virtual private network, terminal services, virtual desktop solutions (e.g. Citrix or VMware) and/or remote desktop.
Incident Management, Reporting and ResponseIncident management, reporting and response involves identifying, analysing, reporting, and responding to IT security incidents including taking corrective and preventative action.
Physical and Environmental SecurityPhysical and environmental security refers so providing adequate physical and environmental protection for a local government's ICT assets to prevent unauthorised access, use or destruction.
Physical security describes the physical measures to deny access to IT systems, networks and information from unauthorised persons.
Environmental security includes all other non-physical security measures to systems, networks and information, such as virtual private networks, antivirus and other malware strategies and redundancy.
Network and Communications SecurityNetwork and communications security involves taking measures to secure local and wide area networks, voice communications and internet links.
Change ManagementChange management from an IT security perspective, is the process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software, but typically refers to changes in
processes and workflows that can become disruptive if not managed properly.
Version ControlVersion control is the process of managing multiple versions of software and electronic files.

7. 'Audit', adapted from 'Information Technology Audit', Wikipedia, available at, taken 19/9/2012

Project management

Project management is the discipline of planning, organising, controlling, and managing resources to achieve specific goals.

Project management definitions 

ElementDefinition
Project initiationProject initiation is the process of defining the scope of the project. May involve establishing the scope, a project charter, and preliminary project plan.
Project planningProject planning refers to the process of establishing a project plan detailing how a project is to be accomplished within a certain timeframe and with given resources. A project plan usually identifies various milestones and/or stages of a project and the timeframes in
which they are to be completed.
Project executionProject execution refers to the process of carrying out or implementing the project. Project Execution is the implementation phase of the project plan, and is commenced once the project planning phase is complete.
Monitoring and controllingMonitoring and controlling refers to the process of monitoring progress of the project with regard to the project plan, and controlling resources to ensure delivery of the project on time and within budget.
Project closingProject closing is the process of completing project deliverables, reviewing the outcome of the project against objectives, documenting the lessons learnt, archiving project records and releasing project resources.8

 8. 'Project Management', Project Management Institute, taken 24/9/2012.

Getting started – implementing the ICT Strategic Framework

The ICT Strategic Framework identifies the key elements for the effective management of information and technology, to ensure that corporate information and ICT systems are secure, protected, tested, controlled, developed and maintained in line with corporate objectives and respond to emerging trends. The information required, processes and outputs of the ICT Strategic Framework are detailed below:

What information do I have to gather?

The following information should be gathered before the ICT Strategic Framework is implemented. It is important that initial planning occurs to ensure that your local government is able to fully implement the framework and gain a clear understanding of current capacity.

ICT Supporting Documentation – Identify what strategies, plans, policies, and procedures outlined in the ICT Strategic Framework your local government already has in place.

Local Government Strategic Community Plan – In implementing the ICT Strategic Framework it will be beneficial to understand the long term vision of your local government and the role that ICT contributes to that. This will assist you to develop action plans that are appropriate to your local government in terms of your present position on the ICT Maturity Model, and where your local government aspires to be.

Challenges and Opportunities – Identify what challenges and opportunities the ICT Strategic Framework presents your local government.

  • What are the key ICT issues facing your local government?
  • How can implementation of the ICT Strategic Framework assist in addressing these issues?
  • What are the IT and IM risk factors facing your local government?
  • What are the priority areas for implementation of the ICT Strategic framework?

Internal and External Trends/Issues – What are the internal and external issues and trends that may influence implementation of the framework?

ICT Resourcing Capability – Understand the capacity and capability of your local government to implement the ICT Strategic Framework, with the ICT resources that you have available. The framework provides templates, example policies, strategies, plans and other key documents that your local government may adopt or adapt to suit your requirements.

What do I have to do?

During implementation of the ICT Strategic Framework, the following steps may be useful:

  • ICT Maturity Model – Complete the ICT Maturity Model self-assessment tool provided.
  • ICT Baseline – Determine where your local government is on the ICT Baseline standard.
  • ICT Risk Assessment – Conduct an ICT risk assessment based on where your local government is on the ICT maturity model and ICT Baseline.
  • Priority Areas – Identify priority areas for implementation of the ICT Strategic Framework.
  • ICT Resource Capability Analysis – Conduct ICT resource capability analysis to determine your capability for implementing the ICT Strategic Framework.
  • Action Plans – Develop an action plan appropriate for your local government.

What do I end up with?

  • Key ICT documents such as policies, plans, strategies and registers required as a minimum baseline to enable effective management of ICT within local government.
  • A self-assessed classification of ICT maturity on the local government ICT Maturity Model.
  • An understanding of where your local government is on the ICT Baseline.
  • An action plan to target key areas under the ICT Strategic Framework.

Information Technology Supporting Documentation

The Information Technology Framework Supporting Documentation supports the Information Technology Framework by identifying the types of documents (strategies, policies, schedules and plans) that should be in place to effectively manage information, communications and technology. The supporting documentation schedule identifies the baseline IT standard for local government, which is the proposed minimum standard for managing local government information technology.

GovernanceEmerging Trends and TechnologiesBusiness Systems and ApplicationsInfrastructure and TechnologyIT Business ContinuitySecurityProject Management

ICT Strategic Plan*

ICT Annual Business plans*

Risk Management Strategy and Plan*

Internal KPIs and Service Level Agreements

Social Media Policy**

Online Services Plan**

Cloud Computing Policy

Bring-Your-Own-Device Policy

Open Data Policy

Systems Documentation*

Systems Test and Implementation Plans**

Website and Intranet Business Plan

Website Accessibility Policy

Systems Upgrade Policy

Software Asset Management Policy

Change Management/Version Control Policy

ICT Acceptable Usage Policy*

Systems Documentation**

IT Asset Register**

IT Asset Management Plan**

IT Asset Replacement Policy

Infrastructure Capacity Plan

Virtualisation Policy**

IT Disaster Recovery Plan*

Backup Policy*

IT Risk Assessment Matrix**

IT Risk Mitigation Plan**

IT Security Policy*

Password Policy*

Security Audit Policy

Incident Response Policy

Incident Management Plan**

Business Case*

Project Schedule**

Project Risk Register**

Project Communication Plan

Project Statement (defines scope and deliverables)*

Project Status Report**

Project Issues Register**

Project Quality Plan

Project Plan*

Post implementation Review**

Asterisks represents suggested minimum requirements to meet the standards below. Those without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be determined by each local government based on its size and specific business requirements.

* ICT Baseline standard
** Intermediate (Recommended) standard

What is information management?

Information management is the term used to describe all activities concerned with the use of information in all its forms. More formally, information management is defined as the means by which an organisation plans, identifies, creates, receives, collects, organises, governs, secures, uses, controls, disseminates, exchanges, maintains, preserves and disposes of its information; as well as any means through which the organisation ensures that the value of that information is identified and exploited to its fullest extent.

What is the Information Management Framework?

The Information Management Framework provides a high level framework for the effective management of information within a local government. The framework identifies the aspects of information management that should be considered to ensure that information is captured, stored, accessed maintained and disposed of securely and effectively.

The Information Management Framework has been adapted for Western Australian local governments from the Queensland Government Information Management Policy Framework, developed by the Queensland Government Information Office. The Framework represents the discipline of Information Management as comprising seven key elements:

  1. Knowledge Management — the practice of extracting extra value from our information, including analysis and reporting.
  2. Governance — policy, governance, architecture and direction for information and information management.
  3. Security — confidentiality, integrity and availability of information in line with ISO 27001 and other relevant standards.
  4. Information Asset Management –— full lifecycle management of information as an asset and classifying and cataloguing it so it can be found and used.
  5. Information Access and Use — sharing, licensing and use of information so it's easy to find and able to be exploited as widely as possible.
  6. Record Keeping — ensuring legislative and regulatory requirements are met in the handling of our information.
  7. Data Management — management and maintenance of the data that underlies our information.

The framework has been designed with Knowledge Management as the highest level and Data Management as the lowest level activity with Record Keeping in the middle representing that it is central to all information management activities. Governance and Security apply to all aspects of the framework. The key elements are each made up of a number of lower level elements. Together, these elements describe the discipline of managing each of the key elements identified within the framework.  It is important to consider how the elements interrelate when using and implementing the framework.

Information Management Framework

Knowledge ManagementGovernanceInformation SecurityInformation Asset ManagementInformation Access and UseRecord KeepingData Management

Business Intelligence

Data mining

Knowledge transfer

Analytics

Reporting

Succession Planning

Meta knowledge

Information Management Strategy

Information Management Policy, Principles and Architecture

Information Risk Management

Information Quality Management

Information Governance processes

Monitoring and compliance

Access Management

Authentication

Security Audit

Remote Access

Incident Detection, Management, Reporting and Response

Physical and Environmental Security

Change Management / Version Control

Information Asset Classification

Meta data

Custodianship

Access and Accessibility

Intellectual Property

Licensing and Rights Management

Privacy and Confidentiality

Copyright

Sharing and Exchange

Search and Discovery

Pricing

Publishing

Freedom of Information (FOI)

Records Management

Capture and Creation

Collection Management

Retention and Disposal

Conservation and Preservation

Archiving

Retrieval and Access

Digital Continuity

Data modelling

Data Integration

Data Cleansing

Data De-duplication

Data Warehousing

Data Conversion and 
Transformation

Data Quality and Integrity

Data Capture

Data Migration

Data Format

Defining the key elements of the Information Management Framework

A definition of the terms used to describe the key elements of the Information Management Framework is provided in the following schedule. The definitions of the Information Management Framework have been taken from (and in some cases adapted from) the Queensland Government Information Management Policy Framework Definitions, 2009.

Information governance

Information governance is the system by which the current and future use of information and its management is directed and controlled.9

Information g​overnance definitions

ElementDefinition
Information Management Strategy and Planning

Information management strategy defines the future strategic direction for the utilisation and management of information as a valued core strategic asset.

Information management planning is concerned with ensuring that information and its management aligns with strategy and conforms to legislative and policy requirements.

Information Management, Policy, Principles and ArchitectureInformation management policy, principles and architecture provide direction and guidance with respect to information management activities, ensuring alignment with business requirements.
Information Risk ManagementInformation risk management adapts the processes and practices of risk management and applies it to information management.10
Information Quality ManagementInformation quality management adapts the generic activities of quality management (i.e. coordinated activities that direct and control) information management.11
Information Governance ProcessesInformation governance processes are the specific processes that deliver information governance including the assigning of information governance roles and responsibilities.
Monitoring and ComplianceMonitoring and compliance are the measures and controls in place to monitor compliance of information management controls, guidelines and procedures. Includes audit logging of systems, identification of anomalies, incident handling provisions.

9. 'Information Governance', Standards Australia, ISO/IEC 38500:2008 Corporate Governance of Information Technology, 2008, p. 6.
10. 'Risk Management', adapted from Queensland Government Chief Information Office, Best Practice Guide: Information Risk Management, 2002, p. 4-5.
11. Information Quality Management', Standards Australia, AS/NZS ISO 9000: 2006 Quality management systems – Fundamentals and vocabulary, 2006, p. 9. 

Knowledge management

Knowledge management is concerned with improving organisational outcomes and learning, through maximising the use of knowledge and capturing and applying learnings.

Knowledge manageme​nt definitions

ElementDefinition
Business IntelligenceBusiness intelligence is concerned with supporting better decision making by analysing internal and external information.
Data MiningData mining is concerned with retrieving hidden patterns and relationship from data.
AnalyticsAnalytics is concerned with the application of rigorous statistical tools and techniques to an agency's information in order to improve decision making.
Data WarehousingData warehousing is concerned with collecting and storing data to support decision-making.
Knowledge TransferKnowledge transfer is the process of transferring knowledge from one part of the organisation to another, to ensure its availability for future users.12
ReportingReporting in this context is concerned with large scale report generation from data warehouses.
Meta-knowledgeMeta-knowledge is knowledge about knowledge.
Succession PlanningSuccession planning is the planning for the retention and transfer of knowledge within the organisation as part of the succession planning process.

Information asset management

Information asset management is concerned with valuing and managing information assets with the same rigour as that applied to other strategic assets.

Information​ asset management definitions

ElementDefinition
RegistrationRegistration is the recording of an information asset in a repository for information management purposes for example, an Information Asset Register.
Information Asset ClassificationInformation asset classification is the arrangement of information into groups or categories according to established criteria, such as public, sensitive, private or confidential.13  An example of criteria for arranging information assets is the Keyword AAA.
MetadataMetadata is data that describes the information asset such as file name, author, title, date, subject, location.
CustodianshipInformation custodianship is the assigning of responsibilities to an individual (or group), who ensures that the information asset is appropriately identified and managed throughout its lifecycle and is accessible to appropriate stakeholders.

12. 'Knowledge Transfer', Wikipedia, accessed 26/9/2012.
13. 'Information Asset Classification', Queensland Government Enterprise Architecture, Information Assets and their Classification Fact sheet, Feb 2011, accessed 26/9/2012.

Information access and use

Information asset access and use management is concerned with how information is to be accessed, exchanged and used, by whom and on what terms.

Information access an​d use definitions 

ElementDefinition
Access and Accessibility

Access and accessibility is concerned with both:

how access to government information is maximised for use and reuse.

ensuring that all reasonable steps are taken to minimise social, economic and geographic disadvantage to accessing information.

Intellectual PropertyIntellectual Property protects the legal rights resulting from the original, creative and intellectual effort of individuals and organisations. Government copyright protected information has many forms, including public sector information, literary and artistic works,
computer programs, databases, film and sound recordings; along with intellectual property in inventions, plant breeder's rights, circuit layouts, trademarks and designs.14
Licensing and Rights ManagementLicensing is concerned with determining and managing the rights of use of government information to be granted under a licence. For the purpose of this framework, licensing includes rights management.
Privacy and ConfidentialityPrivacy in the context of information management, is how personal information is collected and handled by government. This extends to an individual's right to privacy and to access and amend their personal information. Confidentiality is the practice of ensuring that information is only accessible to those authorised to have access.15
CopyrightCopyright law grants exclusive rights to creators of original works of authorship.16
Sharing and ExchangeSharing and exchange is concerned with the sharing or exchanging of information between local governments, with other government and other organisations.
Search and DiscoverySearch and discovery the process of searching and identifying all relevant documents, data and information, such as required when handling requests under the Freedom of Information Act (1992).
PricingPricing is concerned with the transparent and consistent pricing of government information.
PublishingPublishing is concerned with assembling information into a desired format and disseminating it to a wide target audience, generally the public. Examples of the output of publishing include an agency website or a Government Gazette.
Freedom of Information (FOI)

Freedom of Information relates to providing access to documents and information under the Freedom of Information Act (1992).

Under the FOI Act, local governments are required to assist the public to obtain access to documents at the lowest reasonable cost and to ensure that personal information held is accurate, complete, up to date and not misleading.17

14. 'Intellectual Property', Queensland Government, Queensland Public Sector Intellectual Property Guidelines, 2007, p. 4,
15. 'Confidentiality', International Standards Organisation, Information Security Standard ISO-17799
16. 'Copyright', Creative Commons, accessed 26/9/2012.
17. 'Freedom of Information' – Office of the Information Commissioner, Western Australia, accessed 26/9/2012.

Recordkeeping

Recordkeeping is the process of making and maintaining complete, accurate and reliable evidence of business transactions in the form of recorded information.18

Recordkeeping ​definitions 

ElementDefinition
Records ManagementThe efficient and systematic control and maintenance of records, including the maintenance of their integrity and authenticity.
Record Creation and  CaptureThe act of bringing into existence and/or accumulating evidence of business activities, i.e. records, and undertaking a deliberate action which results in the registration of the record into a recordkeeping system.
Collection Management

In the context of this framework, collection management is concerned with managing a collection of information throughout its lifecycle. Examples of collections include:

  • collections that are permanent in nature (e.g. archives)
  • libraries
  • museums.
ArchivingArchiving is the process of transferring inactive records from current storage areas to a repository for long-term storage, preservation and access.19
Retrieval and AccessRetrieval and access of records is concerned with ensuring there are appropriate means of finding, retrieving, using and making sense of the records.
Retention and DisposalRetention and disposal is concerned with defining the temporary or permanent status, retention periods, disposal triggers and consequent disposal actions authorised for classes of records.
Conservation and PreservationConservation embraces those processes or actions necessary to ensure the continued survival of collections without further degradation. Preservation is a conservation activity involving processes and operations for both physical and electronic material that prevent loss of information and minimises any deterioration over time.
Digital ContinuityThe planning and processes for ensuring digital records remain accessible despite the obsolescence of hardware and software formats and media.

18. 'Recordkeeping' –Standards Australia, Australian Standard 4390 Part 1 Clause 4.19..
19. 'Archiving', Queensland State Archives, Recordkeeping Terms, accessed on 26/9/2012.

Data management

Data Management is concerned with valuing and managing data as a strategic asset of local government with the same rigour as that applied to other strategic assets.

Data management definitions​​

ElementDefinition
Data ModellingData modelling is a method used to define and analyse the data requirements needed to support local government processes and service delivery.20
Data IntegrationData integration is the process of combining data residing at different sources and providing the user with a unified view.21
Data Quality and IntegrityData Quality and Integrity is an assessment of data's trustworthiness and fitness for purpose, with respect to its accuracy, completeness, timeliness, relevance, transparency and consistency.22
Data CleansingData cleansing is concerned with detecting and correcting or removing corrupt or inaccurate data.23
Data De-duplicationData de-duplication is concerned with the elimination of redundant data to reduce required storage capacity and establish a source of truth.24
Data CaptureData capture is concerned with the collection, manipulation, interpretation and storage of data.
Data MigrationData migration is concerned with transferring data between either storage types, formats or computer systems.25
Data Type and Format

Data type is the classification identifying the type of data (e.g. real-valued, integer or Boolean), the possible values for that type; the operations that can be done on values of that type; the meaning of the data; and the way values of that type can be stored.26

Data formats define the standard way that information is encoded in a computer file, such as .doc, .xls, .jpg.27

Data Conversation and Transformation

Data conversion is the process of converting data from one format to another.28

Data Transformation converts data from a source data format into destination data.29

Data WarehousingData warehousing is concerned with collecting and storing data to support decision-making.

20. 'Data modelling', Wikipedia, available at, accessed 26/9/2012.
21. 'Data integration', Wikipedia, accessed 26/9/2012.
22. 'Data Quality', Wikipedia, accessed 26/9/2012.
23. 'Data Integrity', Wikipedia, accessed 26/9/2012.
24. 'Data cleansing', Wikipedia, accessed 26/9/2012.
25. 'Data deduplication', Wikipedia, accessed 26/9/2012.
26. 'Data migration', Wikipedia, accessed 26/9/2012.
27. 'Data Type', Wikipedia, accessed 26/9/2012.
28. 'File format', Wikipedia, accessed 26/9/2012.
29. 'Data Conversion', Wikipedia, accessed 26-9/2012.
30. 'Data transformation', Wikipedia, accessed 26/9/2012.

Information Management Framework s​upporting documentation

The Information Management supporting documentation supports the Information Management Framework by identifying the types of documents (strategies, policies, schedules and plans) that should in place as a baseline, to effectively manage information.

Information Management Framework supporting documentation 

GovernanceKnowledge ManagementInformation SecurityInformation Asset ManagementInformation Access and UseRecordkeepingData Management

Information Governance Policy

Information Management Policy

Information Management Standards

Information Management Strategy**

Succession Planning/Workforce Plan**

Information Security Policy*

Information Security Audit and Review  Schedule**

Management Policy

Information Asset Register

Information Asset Custodian Policy

Privacy Policy*

FOI Information Statement*

Data Confidentiality Agreement**

Data Sharing Agreements

Record Keeping Plan*

Retention and Disposal Schedule*

Digitisation Policy*
Digital Record

Keeping (of source records) Policy**

Recordkeeping for Social Media Policy**

Data Entry Standards

Document Naming Convention

Asterisks represent the suggested minimum requirements to meet the standards below.  Those without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be determined by each local government based on its size and specific business requirements.

* ICT Baseline standard
** Intermediate (Recommended) standard

Page reviewed 12 January 2024