Future Proof – Protecting our digital future

State Records issued the new Standard on Records Management earlier this year. The new standard provides a streamlined framework designed to better support NSW Government digital business processes in complex environments.

Catherine Robinson recently spoke about the new standard at a records and information management conference. Here is some of what Catherine said:

State Records’ standard-setting role

Part 2 of the State Records Act 1998 establishes a role for State Records to approve standards and codes of best practice for records management for use by public offices (section 13).

Standards issued by State Records are outcomes-oriented and are designed to improve records management and recordkeeping across the NSW public sector. This is a very important design criteria for us, as we need to establish requirements/desired outcomes that can be implemented by any organisation covered by the Act (organisations can range in size from very small with 10 people to very large organisations with 10,000+ staff).

Our standards are mandatory, measurable and include minimum compliance requirements. They are used in monitoring activities, e.g. internal audit processes and by State Records staff when assessing the recordkeeping practices and processes of a public office.

Design of the new standard

The new standard has been specifically designed to assist organisations with the current and emerging environments for records and information management. As part of our work on the new standard, we were conscious of a number of key factors:

• Our monitoring activity in 2013 identified that organisations were having major issues in implementing digital recordkeeping and in developing good practices and processes.
• In the broader NSW environment there has been some significant work undertaken as part of the NSW ICT Strategy. NSW has an Information Management Framework to support how government administers and uses data and information. Harmonising records management standards with this major initiative is very important in ensuring that there is an integrated approach to managing records and information.
• NSW Government is rapidly transforming the way it does business and interacts with the community. Increasingly, business processes are digital. It’s important that records management standards for NSW Government support good information practices in digital business environments and increasingly complex information environments in organisations.

Managing information through digital transformation can be difficult and challenging. There are many risks to be mitigated, including ensuring that records and information can be:

• authenticated and deemed trustworthy
• kept accessible
• maintained for as long as they are needed by a business area or organisation
• managed and disposed of appropriately.

As we move into the digital space it’s important that good records and information management continues, so that good service delivery, sound decision-making and accountable processes are supported by records. Critical to all our businesses are reliable and trustworthy records which can be trusted and shared.

The standard is designed around three key elements: Governance, By Design, and the Management Regime. Combining these three elements will result in trustworthy and reliable digital records and information.

Governance

The standard requires organisations to establish appropriate governance frameworks for the management of records and information in the organisation. This includes:

• establishing policy and strategies to manage records and information throughout the organisation
• assigning responsibilities
• ensuring that records and information are identified and addressed in outsourcing, cloud and service delivery arrangements
• monitoring records and information management activities, systems and processes.

By Design

The standard requires organisations to take a planned approach to records and information management. This will include:

• undertaking an assessment of records and information needs so that the organisation can define key business information needed for the short and long term in order to meet identified requirements such as accountability and community expectations
• as part of this assessment, identifying the high risk and high value areas of business and the systems, records and information needed to support high risk/high value business
• using the assessment to design records and information into processes and systems
• managing records across all operating environments so that the organisation knows where records and information are held across diverse system environments and physical locations, and is better able to manage records and information and ensure that they are considered in all system and service arrangements
• safeguarding records and information which have long term value to ensure that the records and information are retained for as long as they are required
• ensuring that the organisation has documented strategies for migrating records and information – this can include system migrations, or moving records from one cloud provider to the next
• ensuring that records are sustained across system and service transitions such as migration between systems, or moving records and information from one service provider or cloud provider to the next.

Taking a planned approach to records and information management will assist the public sector with managing records and information in the digital environment, particularly with systems design, silos of information and records stored across the organisation, managing migrations, decommissioning of systems, and ensuring that long term records and information (i.e. needed for more than 30 years) are protected and safeguarded in the ever changing technological environment.

Taking a planned approach also means identifying high risk/high value systems and the records which support these business operations and systems.

This information can then be used to make sure that records and information management is designed into the system specifications for high risk/high value areas of business, helping to ensure that such systems have the capability to create, capture and manage records of this business.

Management Regime

The standard requires that organisations ensure effective management of records and information.

Underpinning trustworthy, useful and accountable records and information is the good management of records and information. This includes:

• records and information are routinely created and managed as part of normal business processes
• records and information are protected from unauthorised access, destruction, loss, deletion or alteration
• access to records is managed and in accordance with legal and business requirements
• records are retained and kept for as long as they are needed.

The requirements in the three principles in the standard are designed to help create an organisational framework which manages information for its value, controls business information for efficient operations and processes, and identifies accountabilities for and risks to records.

Benefits of the new standard

We believe that this new standard has a number of benefits. It is an invaluable tool in supporting the management of all information assets and resources across the entire organisation and in the transition to the digital business environment.

It will increase visibility of information assets regardless of what type of record it is, regardless of the system its stored in (EDRMS, ECM, business system) or the storage location (in the cloud, in a storage repository).

The standard has been written for a wide audience, not just for records and information managers. We have received very positive feedback on the standard indicating that organisations are finding the standard and its requirements very understandable. The benefit of this, is that there will be a wider use of the standard across organisations which will promote collaboration between ICT, information management and records management professionals.

Another benefit of the standard is that it is getting senior management interested in records and information management.

Implementing the new standard

As we have previously flagged, we are interested to hear how people have used the standard to support the implementation or assessment of digital systems and the transformation of digital processes in their own organisations. Please contact us if you would be willing to work with us to develop case studies which can be shared for the benefit of the sector, or if you just want to let us know about your progress so far.

Photo credit: David Stanley – “King Penguin Couple” (CC BY 2.0)