Information Management Plan Map highlighting the Resources, Roles and Responsibilities stage of the process.

How the sufficient allocation of resources, including budget, infrastructure and staff, underpins an Information Management Program and Information Management Plan.

Relationship to the Information Management Standard

Sufficient allocation of resources, including budget, infrastructure and staff, is a vital element of an Information Management Program (Program) and Information Management Plan (Plan).

Staff allocated to perform information management related functions must be appropriately skilled and have the capability to manage in accordance with the Information Management Standard (Standard) (Behaviours 1.4 and 3.1-3.6) and your agency’s Plan.

Resource allocation needs to be done within your agency’s specific context, such as legal and regulatory requirements, risk and business objectives.

Under Behaviour 1.5, agencies must “foster an organisational culture that values and manages information as an asset and supports business objectives and activities”.  To foster such a culture, all staff must have a clear understanding and acceptance of their information management roles and responsibilities.

Resources

The scope of the Plan will define the type and quantity of resources needed to implement the tasks identified.

Relevant resources include:

  • financial – once-off and / or ongoing
  • staff – number and expertise
  • infrastructure – such as space, technology, materials, logistics such as transport, services.

All resource allocation will have a financial component, even when it draws on the regular budget allocation.

New initiatives may require additional funding. Depending on the nature, scope and components of the initiative, a business case might be required.  For example, if the initiative is to make one or more specific information systems compliant with relevant standards, there may be costs in engaging external specialists to undertake that work.  Or, if a major disposal program for physical information assets is required, funding might be required for contract staff, materials, transport and storage.

Determine resource needs by:

  • identifying all aspects of support needed to implement the required information management related tasks
  • assessing if resources are needed on a once-off, intermediate or ongoing basis, and how the resource mix might change.  Funding might need to be secured as part of the regular budget allocation for specific areas (for example the records management function)
  • identifying what resources are already available and what resources need to be acquired from elsewhere
  • identifying costs as accurately as possible and, if applicable, how they might change over time
  • identifying possible options for resourcing. For example, can someone with appropriate expertise be assigned from another area of your agency or from across the sector, can university students with relevant skills be engaged, can existing budget be reassigned from a lower priority task, or can your agency share storage space with another agency?

If needed, prepare a business case or recommendations according to your agency’s internal process.  In aiming to meet the Standard you should clearly identify the business benefits and risk.

Short-term engagement of appropriate expertise is recommended, where required, for agencies that do not have a dedicated information management specialist.

Engagement of third party providers

It is common practice for government to engage third parties to provide:

  • services on their behalf that involve the transfer or handling of government information assets or
  • direct services to your agency (for example, with an approved service provider (ASP) or a cloud service for storage).

Any contracts that involve the handling and / or storage of government information assets, in particular assets that contain personal information, must include obligations on the service provider to ensure your agency’s information assets are managed in accordance with the State Records Act 1997 (SR Act) and your agency’s relevant privacy principles.

The contract needs to clearly identify any ownership and custody arrangements of the information assets. The Contracting and Information Assets Standard (Contracting Standard) sets out these obligations. Refer to the Contracting Standard, the accompanying guideline and the model contractual terms and conditions for more information.

Further, legal advice is recommended where information assets will be stored and / or managed outside of Australia to ensure your agency continues to meet its legal and compliance obligations.  These obligations include, at minimum, those under the:

Provision of sensitive or classified information to a foreign entity is of particular concern.

Agencies using an ASP for secondary storage of temporary value information assets must comply with the Management and Storage of Temporary Value Information Assets Standard.

Roles and responsibilities

Principle 3 of the Standard is about information ownership or stewardship.

Information stewardship is the careful, responsible and accountable management of information. The information is not owned personally by any individual but rather by your agency; however, responsibility and accountability for the information may be assigned.

Good information stewardship

Ownership and accountability for information (Principle 3) must be managed consistently through a governance structure that:

  • formally assigns the responsibility of information assets (in writing) to the owners of the relevant business or function
  • ensures staff are aware of their information management responsibilities and have the necessary skills to fulfil them
  • documents and clearly defines in writing, through policy or other internal documents, the roles and responsibilities relating to the management of information assets
  • provides clear communication to assigned owners of their responsibilities in managing the information assets assigned to them
  • monitors and reports on staff adherence to its internal information management policies
  • has the support and commitment of the chief executive and senior management, including the allocation of proper resourcing.

Information stewardship might be the responsibility of several roles at different levels within your agency.  An individual may be assigned more than one role, for example a senior manager or the Information Manager may also be the Information Management Policy owner.  An Accredited Freedom of Information Officer (FOI) may also be involved in coordinating data sharing agreements or privacy management.  For small to medium agencies, roles may be combined.

Fostering a good information management culture

In addition to good information stewardship, it is important for your agency to foster a good information management culture (Behaviour 1.5), that:

  • values and manages information as an asset
  • recognises how your agency’s information assets support business objectives and activities.

To achieve a good information management culture, your agency must have a clear and well communicated strategic vision and understanding of the value of its own information assets and how they are to be managed.

Your agency’s strategic vision and direction should be developed in accordance with the Standard’s principles with adequate training and resourcing provided to ensure the effective implementation of such policy. One of the key pillars to fostering an organisational culture that values and manages information as an asset and supports business objectives and activities is having a robust Program.

Another key pillar is the championing and promotion of good information management principles and values by your agency’s chief executive and senior management.  This includes ensuring the Program is effectively implemented through:

  • the allocation of adequate resources. This includes identifying future areas for improvement or development to be factored into budget objectives where current budget constraints apply
  • promoting sound information management practices, underpinned by the Standard, in its operational activities, including the implementation of supporting information management policies and procedures
  • providing information management training to staff and educating them on the importance of information management to create a shared understanding of your agency’s information management values.

Responsibilities  

The level of responsibility for information management varies according to an individual’s role.

Typical levels of responsibility are listed in the table below.  The role title may be different depending on your agency, for example the Information Manager may be titled ‘Records Manager’.

Your agency must ensure all staff receive information management training and comply with your agency’s information management policies and procedures.

All staff should be made aware of the roles and responsibilities in creating and capturing information assets in order to carry out business functions and activities effectively. Staff compliance should be monitored routinely.

Table: Roles and responsibilities

Role

Responsibility

Chief Executive (or principal officer)

  • ensure your agency complies with legislative requirements for information management, including the SR Act and Standards issued under the SR Act
  • actively support and champion information management values and practices

Senior Managers

  • understand regulatory requirements for information management and oversee compliance
  • approve and assign appropriate resources to support the implementation of the Plan
  • actively support and champion information management values and practices

Information Manager

  • participate in the development, acquisition and implementation of systems that keep information assets, in any format
  • liaise with others, such as Information and Communication Technology professionals (ICT), business area managers, FOI teams, privacy officers, cyber security specialists, and contracted service providers
  • develop controls for information assets
  • provide training and support
  • undertake information management compliance or capability assessments
  • intervene promptly and appropriately when made aware of inappropriate information management practices or adverse events
  • manage centralised hardcopy records systems and dedicated Electronic Document and Records Management Systems (EDRMS)

ICT / Information Custodian / Records officers and administrators

  • ensure continuous and reliable operation of information systems, such as security, access control, backup and business continuity, including for hosted or cloud-based systems
  • administer hardcopy records systems and EDRMS

Business Unit Head

  • be designated as the ‘Business Owner’ of specific information assets (for example the person or group that is ultimately responsible for an information asset)
  • be responsible for the creation and management of any information in their business unit
  • ensure that the Policy is appropriately implemented in their area and good information management behaviours are practised

All staff

  • adopt good information management practices by creating complete and accurate information assets wherever evidence of the conduct of business is required and storing them in compliant systems

Page last updated: 21 April 2023