To develop the Information Management Plan (Plan), you will need to know which:

• policies and procedures are required to support the information management priorities, as well as to manage information assets in general (Behaviour 2.2)
• information resources your agency has/requires
• information management roles and responsibilities are required
• access and discovery schemes applicable to your agency, through which information can be requested and/or shared, and how these are to be managed (Behaviours 5.7 and 5.8)
• privacy considerations and controls your agency has or requires to ensure personal information is properly managed.  This includes its collection, storage, access, correction, use and disclosure of personal information (Behaviour 5.6)
• security and business controls your agency has or requires to ensure information remains accessible, available, managed and shared and can be relied upon for as long as it is needed (Behaviours 2.5, 4.5, 5.1 and 5.2)
• disposal program your agency has or requires to ensure information assets are disposed of in an authorised and timely manner once all business, legal and accountability requirements have been met (Behaviours 2.7, 5.4, 5.5 and 5.9)
• systems your agency has or needs to meet information management requirements to ensure the quality and authenticity of information and comply with the Managing Digital Records in Systems Standard and the Minimum Recordkeeping Metadata Requirements Standard (Behaviours 2.5, 2.6, 5.2 and 5.3).

Scope and content of the Plan

It is recommended that your agency have one Plan.  However, detailed project plans can be developed for the various projects and initiatives outlined in the Plan.

The Plan can contain short and long-term actions.

At a minimum the Plan should cover:

• Responsibilities
  Outlining the overall responsibility for leading and monitoring implementation of the Plan and reporting on progress, as well as responsibilities for ensuring that specific actions are implemented and progress is reported
• Tasks and Timeframes
  The measurable tasks needed to achieve the objectives of the Information Management Program (Program) and the prioritised actions identified based on the value and risk analysis .  
  These are likely to include:
  • policy and procedure development
  • access schemes
  • privacy measures
  • security measures
  • retention and disposal program
  • compliance of systems that hold information
  • education / training of staff

• Resources
  Defining what resources are needed to meet the actions, including funding, staffing and technical systems
• Consultation
  Identification of where consultation and interaction are required with other areas of your agency, such as ICT, security, business areas and senior management

• Monitoring, assessment and reporting

Review the Plan

Progress against the Plan should be assessed and reported on a regular basis.

The Plan should be reviewed annually or as part of the self-assessment tool process to:

• change or update the scope or timing on tasks as your agency’s information governance maturity and capability improves and past Plan actions are completed
• delete or add new tasks or projects
• ensure it takes into account any changes in an external or internal context that affect the actions required under the Program and associated policies.  For example a change in legislation might affect your agency’s privacy or data security framework or data sharing arrangements
• ensure it addresses any gaps in the Program and its overall compliance with the Information Management Standard .