The statements below are drawn from the Information and records management standard issued in July 2016. The statements and questions are not exhaustive, they are a starting point to assist an Executive Sponsor in understanding their organisations information and records management capability.

1. The strategy and policy adopted by the organisation supports information and records management

Questions

  • Do we have an information and records management strategy and policy? If not, what is being done about it? Is there a plan?

  • Are we able to demonstrate that the information and records management strategy and policy are relevant, current and adapted to our business context, i.e. do they support operational deliveries?

  • How do we monitor the application of strategies and policies?

  • Does the policy reflect the legislative responsibilities of the organisation?

  • Do the strategy and policy include responsibilities as well as the Executive Sponsors oversight of information and records management?

2. Strategic and operational planning align information and records management with the corporate objectives and business activities of the organisation

Questions

  • Does capability development take into consideration information and records management?

  • Is information and records management included in the procurement process when choices of solutions and technologies are made regarding business activities and services delivery?

  • Does the information and records management strategy refer to, or is it included in, other strategic frameworks (If yes, which ones)?

  • Have we identified and valued our information assets?

  • Do we take into account information and records management in risk assessment and management?

  • Do we have a formal process for implementing corrective actions if required?

3. The budget for information and records management, and the resources needed to support information and records management are known and included in funding decisions

Questions

  • Are we able to identify budget allocations for information and records management?

  • What is the percentage of overall budget?

  • How is it broken down?

4. Information and records management is integrated into work processes, systems and services

Questions

  • Do we have an Information Assets Register? Is there a process in place to maintain it?

  • Do business owners and business units take responsibility for ensuring that information and records management is integrated into their business processes, systems and services?

  • Do we have a map of processes, systems and services in the organisation which identifies critical points of impact on information and records management delivery?

  • Are high risk/high value areas of business documented, including identification of information and records needed to support them?

  • Are systems holding information and records of high risk/high value identified, monitored, protected and decommissioned appropriately (if required)?

  • Do we have a migration strategy in place? And if yes, is it implemented?

  • Do we address information and records management matters in our business continuity strategy and plans?

5. Staff with appropriate skills are available to implement information and records management strategies

Questions

  • How is information and records management currently resourced in the organisation? If there are gaps, are there plans to address them?

  • Do we outsource any information and records management activities? If yes, which ones?

  • Is responsibility for information and records management assigned to appropriate staff, documented in policy, job descriptions, performance plans, and service agreements (for contractors)?

6. Monitoring and reviewing information and records management is implemented, transparent, and meets business needs

Questions

  • Do we have a monitoring process in place for information and records management activities?

  • What reporting is done and how often?

  • Do we undertake system audits on a regular basis?

  • Do we implement any corrective actions and how are problems addressed?

  • Do we have assurance processes in place that include information and records management