Te rautaki whakahaere mōhiohio, mauhanga hoki

Information and records management strategy

Please note that the PDF of this page has been removed because the content is the same and our website has a feature to print a webpage. You can also see a preview of this by using the print command (CTRL + P). If you still require a PDF version, please contact us at rkadvice@dia.govt.nz

Information and records are your organisation’s key strategic assets. These assets need to be actively managed to maintain and improve value. Information and records management assets take many forms, including data and business systems. A strategy will guide your organisation to make its current operations more effective by managing its information and records.

An information and records management strategy focuses on leadership, accountability, and responsibility.  It gives a commitment to setting objectives and to regularly reviewing, monitoring and improving organisational performance. It is a high-level statement from your organisation outlining a systematic approach to managing information and records.

A strategy identifies and explains:

• the importance of information and records to your organisation’s business – especially its core business

• the responsibilities for information and records management

• the risks of not managing information and records

• how the strategy fits with applicable laws, standards, business plans and other strategic requirements for your organisation

• how the strategy covers information and records in all formats and locations.

The strategy anticipates and articulates what your organisation will need from its information and records assets over the long term. Your information and records management strategy may be a standalone document or integrated with wider or related strategies.

Establishing your information and records management strategy starts with:

• appraising the current situation and status of your information and records management environment

• writing a statement or vision of the ideal state of information and records management

• identifying the gap between the ideal and current state

• understanding what is driving the need for change or improvement

• identifying the directions taken so far

• identifying what resources and technologies are available to implement the desired state

• setting concrete goals for implementation plans and policies.

The key areas you should address are:

• Information and records governance — the overall governance, strategic direction, and risks for your information and records management.

• Information and records value — unlocking the value of your information and records through their use and reuse.

• Information and records assets — managing your information and records as an asset and classifying and cataloguing it.

• Legislative compliance — ensuring legislative and regulatory requirements are met in the handling of your information and records.

• Data management — managing and maintaining the data that underlies your information and records.

• Information and records privacy and security — ensuring the confidentiality, integrity and availability of your information and records.

To be effective, your information and records management strategy must:

• be endorsed and promoted by senior management

• align with your organisation’s other objectives, strategies and risk management programmes

• link with your overall business direction, as well as the wider sector

• link with your plans for information and communications technology

• cover privacy, security and data management

• identify clear benefits arising from the strategy

• contain solid performance targets, indicators, and goals (to be reviewed regularly so they remain relevant to your operations and business objectives, to legal accountability, and to community expectations)

• reflect all-of-government strategies, policies and requirements where appropriate.

Below we set out explanations and examples, where appropriate, of minimum components that you should include in an effective information and records management strategy.

Component: Purpose and scope

Example:

Our organisation’s information and records are key strategic assets and need to be actively managed to maintain and improve their value. This strategy provides a long-term, organisation-wide approach to managing these assets across all operating environments.

Component: Vision

Example:

Our organisation aims to be trustworthy in the way we use and manage information and records. We fully appreciate and exploit the value of information and records as strategic assets to deliver better government accountability and improved service delivery to the community.

Component: Reason for change and improvement; business drivers

Explanation: Your organisation should base its reasons for change and improvement, and its business drivers, on an assessment of its current environment and the status of its information and records management. This is the time when you should identify any successes, challenges, gaps, and risks.

Examples of what to include in this component:

• Strong rational to support the need to treat information and records as key organisational assets.

• Information and records management should be embedded in business activities and not function in a silo or as an end in itself.

• Information and records management needs to align with what’s happening at the all-of-government level, and how it supports other strategies at a sector or all-of-government level.

• Legal obligations.

• The risks of not having an effective information and records management strategy are identified.

Component: Objectives

Explanation: You can meet these objectives by defining key goals and developing and implementing action plans.

Examples of objectives:

• Support more efficient and effective business practices to achieve outcomes.

• Support the public’s right to access, use and reuse government information and records.

• Raise the profile of information and records and improve information and records management capability and culture.

• Identify outcomes arising from Treaty of Waitangi/Te Tiriti o Waitangi obligations.

• Respond to increasing demand for information sharing and interoperability across government.

• Manage the growth in information and records created and used.

• Manage unstructured information.

• Maximise opportunities for generating economic value from government information and records.

• Comply with changing legislative and regulatory requirements.

Component: Key goals (outcomes)

Examples of what to consider when compiling outcomes:

A clear governance, authorising and accountability environment for information and records

• Information and records governance arrangements are in place.

• Responsibility for managing information and records is assigned.

• Information and records management is planned and integrates with corporate business strategies and outcomes, the ICT Strategic Action Plan and long-term investment plans.

• The environment meets your organisation’s information and records management legal, regulatory, and cultural responsibilities.

Improved information and records management capability and practice

• The skills of staff are improved by proactive information and records management capability building.

• Endorsed best-practices are in place to ensure your information and records systems collect and manage information needed for your organisation’s business.

• Better core business processes that embed effective information and records management practice reduce duplication of work and product.

Improved access to and use of your information and records

• The right information and records are available to the right person, at the right time, in the right format, and at the right place, to enable open and accountable government, a better-informed public, and improved business decisions.

• The information and records requirements of your organisation’s governing and associated bodies (such as Ministers, Councils and Boards) are met.

• Information and records are easier to find.

• Use and reuse of personal information and records is appropriate and controlled.

Information and records are treated as valued assets

• The information and records needs of your organisation are identified.

• Your organisation can readily exchange information and records across government, and externally when appropriate.

• The value of your information and records is unlocked by providing opportunities for reuse.

Component: Implementation plan

Explanation: The implementation plan outlines measurable activities or actions needed to achieve the key goals of the high-level strategy, and allocates timeframes and resources. The strategy should document who will be responsible for ensuring that it is implemented.

Examples of what to include in this component:

• A list of actions for short-term, medium-term, and long-term goals and targets.

• Highlight where consultation and interaction are required with other areas of your organisation.

• Highlight where consultation and interaction are required with external parties.

• Highlight expected lines of reporting and timeframes.

Component: Measuring success

Explanation: Measuring success helps to ensure that an information and records management strategy translates into results. Your strategy should document who will be responsible for progress monitoring and reporting.

Example of what to include in this component:

A yearly assessment of information and records management maturity against accepted maturity models.

You can use the results of these assessments to revise your information and records management strategy and actions as you work towards your goals. This measurement can incorporate, align with, and support maturity assessments by external regulators.

Component: Approval, date of publication, and review

Explanation: A review cycle should be included in your information and records management strategy to ensure its continued relevance.