Ngā pūnaha mōhiohio, mauhanga hoki e kōtuitui ana

Integrated information and records systems

Please note that the PDF of this page has been removed because the content is the same and our website has a feature to print a webpage. You can also see a preview of this by using the print command (CTRL + P). If you still require a PDF version, please contact us at rkadvice@dia.govt.nz

Public sector organisations must proactively identify, design and integrate their information and records management requirements in all their business systems, processes and practices.

Take a ‘by-design’ approach

Taking a ’by design’ approach ensures you consider information and records management at every stage when:

• developing new business systems, processes and practices

• improving existing business systems, processes and practices.

This approach is proactive and preventative. It focuses on:

• identifying information and records requirements, and

• building these into your organisation’s business systems, processes and practices.

Plan information and records management requirements

You need to understand your business and its information needs thoroughly when planning information and records management requirements. To do this:

• identify the value of the information and records your organisation needs to create and maintain

• undertake an information risk analysis of your systems, processes and practices related to the stability, accessibility and usability of your information and records

• define minimum requirements and appropriate strategies for creating, maintaining and monitoring your information and records

• plan for integration with current business systems and processes

• be aware of, plan for and manage any information-related impacts of change

• assess your current and future needs for documentation about business systems, processes and practices.

Mitigate risks

Business systems are often used without an understanding of the information needs they must support. Without this understanding, key business information and records can be at risk. You can mitigate risks with clear business system planning and governance.

Mitigate risks by developing a business system with an understanding of:

• what business operations the system will need to support

• what part of the organisation will own the business system, processes and practices

• what information is critical, both for staff performing the business and for clients

• what information will be critical into the future, both for staff and for clients

• how long into the future current business and regulatory requirements say information is required

• what information currently supports this business

• what additional information would improve business processes

• what risks to information need mitigating in the proposed system.

Plan for stability and longevity

Depending on the nature of your business, it’s likely some information and records in current systems will need to remain accessible and usable beyond the life of the system.

To make transitions into new systems as seamless as possible, it’s important to consider your long-term information and records needs early in business system planning and development. It’s also important to develop appropriate management strategies.

You should consider these information and records management questions when planning new systems or undertaking strategic planning.

• How do we identify and plan for mitigation of any issues that may arise when shifting long-term value information to a new system?

• What specific migration pathways do we need to develop for long-term value information?

• What legacy systems will need long-term support?

• Could we consider using platforms that support open formats for data management and export where services are outsourced, set and manage service agreements that include information management obligations for high-value and high-risk information, or both?

Information, records and data volumes in organisations are growing exponentially and unsustainably. Impacts of this are starting to be felt. To ensure there is no ongoing legacy of large volumes, your business system planning needs to identify:

• what information can be routinely disposed of and when

• what information needs to continue to be sustained by the system and how this will be achieved

• what risk-appropriate management strategies can apply to high value information and records.

Risks of not planning for longevity

Risks of not planning for information, records and data longevity can include:

• poor management of information needed for long-term business purposes

• failure to comply with regulations and requirements for information and records retention

• having to pay ongoing software licensing and offsite storage costs for legacy systems if business areas need ongoing access to information in these systems

• data duplication and dual processes through concurrent maintenance of legacy systems.

Information-related impacts of business system change

Implementing new systems gives organisations the opportunity to rethink business processes which are often simplified and streamlined as a result.

This can mean information and records that once had an important use beyond the immediate needs of the business process may no longer need capturing in the same way — if it all. This may be a necessary trade-off, but it should still be made with full understanding and documentation of any implications.

Plan and manage change

When using new systems for the first time, your organisation needs effective change management and training. This helps maintain an organisational culture that values information and records management.

If change is not managed well, implementing new systems can lead to extensive duplication of information, records and data. Staff may be unclear about the new business processes they’re expected to use, leading to inappropriate practices such as:

• storing information in multiple places

• adopting unofficial parallel processes

• continuing to retain paper documents despite new automated digital processes.

Consider metadata requirements strategically

Metadata is an essential and powerful tool for information and records management. When designing information and records systems, consider what metadata will:

• best enable flow of business and the creation and management of effective, useful information

• best enable the ongoing use, understanding and accountability of business information

• need carrying forward through business system change and persistently linked to business information for meaning, context and accountability purposes.

You need to balance these considerations against a potential workload of manually creating certain metadata. You also need to consider the effort required to check and improve the quality of metadata to maintain any legislative requirements over time. Creation and capture of metadata should be automated where possible, and integrated logically within business processes (for example, using naming conventions).

Assess your business system documentation needs

Information about business systems may be critical for their ongoing use and management.

When developing a business system, consider current and future business needs for information about:

• system rules

• system metadata

• system validation and security processes

• workflow authorisations

• workflow processes.

It may also be important to capture point-in-time representations of this information, to identify what processes or rules were in place at any specific time.

When outsourcing a business system, process or practice, you need to consider whether the service agreement includes the right to access business system documentation. If it does not, you should think about whether this could be problematic or an unacceptable risk in the long term.