ICT Strategic Framework

Information is a strategic resource that underpins the key functions and decision making
processes of a local government.

The way information is managed, including the technology used to support it, is therefore central
to local government business practices. Alongside its physical, human and financial resources, a
local government must manage its information in a way that enables services to be delivered that
best meet community needs and the priorities set by council.

Integrated Planning and Reporting (IPR) Framework

The Integrated Planning and Reporting (IPR) Framework and Guidelines sets out how local
governments should plan for their future through the development of Strategic Community Plans
and Corporate Business Plans. The resources needed to implement these plans are identified and
managed through asset management plans, workforce plans and long-term financial plans.

In a similar way, information and information technology resources can be planned for and
managed so that they support the strategic objectives and priorities of the local government, as
well as ensuring the business continuity of its day-to-day operations. ICT is also an important
foundation for the other resourcing plans.

ICT Strategic Framework

The ICT Strategic Framework sets out the key components that need to be considered in
managing a local government's information resources. It represents the key elements, and their
relationships, that might be expected in an 'ideal' environment. In reality, the extent to which it is
applicable will obviously depend on the size and complexity of the local government. It
recognises that there will be differing capacity with the local government sector to implement
ICT and to manage it in line with the IPR Framework.

The ICT Framework is not a compliance requirement. It is a resource that local governments can
use to plan for, manage and review their information and technology assets.
Background
Information is a strategic resource that underpins the key functions and decision making
processes of a local government. The way information is managed, including the technology
used to support it, is therefore central to local government's business practices. Alongside its
physical, human and financial resources, a local government must manage its information
resource in a way that enables services to be delivered that best meet community needs and the
priorities set by Council.

The Integrated Planning and Reporting Framework (IPR) sets out how local governments should
plan for their future through the development of Strategic Community Plans and Corporate
Business Plans.

The resources needed to implement these plans are identified and managed through asset
management plans, workforce plans and long-term financial plans. In a similar way, information
and information technology resources can be planned for and managed so that they support the
strategic objectives and priorities of the organisation, as well as ensuring the business continuity
of its day-to-day operations.

Information and Communications Technology is also an important foundation for the other
resourcing plans.

The ICT Strategic Framework sets out the key components that need to be considered in
managing an organization’s information resources. It represents the key elements, and their
relationships, that might be expected in an "ideal" environment. In reality, the extent to which it
is applicable will obviously depend on the size and complexity of the individual local
government. It recognizes that there will be differing capacity within the local government sector
to implement ICT and to manage it in line with the IPR Framework.

The Framework is not a compliance requirement. It is a resource that local governments can use
to plan for, manage and review their information and technology assets. It will be accompanied
by a number of templates, guides and supporting documents that are designed to assist these
processes.
What is ICT?

Information and Communications Technology or ICT refers to technology that will store,
retrieve, manipulate, transmit or receive information electronically or in a digital form. It
includes hardware, communications devices or applications, including computer hardware,
software, network infrastructure, video conferencing, telephone and mobile phones.

Adequate and appropriate ICT underpins all aspects ofa local government's work. It is integral to
the delivery of local government services: from the provision of information and advice, to
providing better analysis of environmental, demographic and social change for better land use
management and planning. ICT also supports local government back office operations, providing
data storage, information management, email and mobile communications. The rapid adoption of
mobile, on-demand, and social media technologies has changed expectations of service delivery.
These developments offer an opportunity for local government to provide services in new ways,
and to interact through new modes. Mobile, internet and cloud technologies provide further
opportunities for innovation and efficiencies in service delivery.

What is the ICT Strategic Framework?

The ICT Strategic Framework provides a high level framework for the effective management of
information and technology to ensure ICT systems are controlled and maintained in line with
corporate objectives and emerging trends.

The ICT Strategic Framework will be accompanied by supporting documents and tools such as
the ICT Maturity Model, templates and example documents, policies and strategic plans, which
are key resources for effective implementation of the framework.

Purpose of the ICT Strategic Framework

The ICT Strategic Framework has been developed as a tool to:

 Assist Chief Executive Officers, executive team and elected members to better
understand the complexity of managing information and technology within local
government.
 Encourage local governments to improve their ICT capability.
 Enable each local government to operate at or above the ICT Baseline Standard.
  ensure ICT is adequately managed to support all aspects of local government operations,
and
 Support all related elements of the Integrated Planning and Reporting Framework.

Implementation of the ICT Strategic Framework is integral to achieving the outcomes of the
Integrated Planning and Reporting Framework. The ICT Strategic Framework establishes an ICT
Baseline which identifies the minimum requirements for the effective provision of information
management and information technology services to effectively support local government
operations. Understanding the complexity of information and technology management within
local government is the first step in applying the necessary measures to ensure that the baseline
ICT standards are being met.

Who is involved?

The ICT Strategic Framework is targeted at local government staff responsible for managing
Information Technology and Information Services (Records), and/or delivering ICT services.
The ICT Strategic Framework has also been designed as a tool for local government Chief
Executive Officers, executive teams and elected members to understand the complexity of
managing information and technology within local government.

About the Framework

The ICT Strategic Framework is made up of eight elements:

1. governance
2. emerging trends and technologies
3. business systems and applications
4. infrastructure and technology
5. IT business continuity
6. security
7. project management
8. information management
These elements should all be considered in managing information, systems, networks and
infrastructure to ensure that ICT systems are secure, protected from risk, adequately tested and
controlled, and developed and maintained in line with corporate objectives.

The first seven elements and their relationships comprise an Information Technology
Framework. The eighth element consists of important subsets and has been developed as a
separate but related Information Management Framework. Both frameworks are underpinned by
Supporting Documentation (see section 4.5 onwards 'Information Technology Framework
Supporting Documentation'). This includes the policies, plans, strategies and registers required as
baseline to enable effective implementation of the framework.

The frameworks should be used in conjunction with the ICT Maturity Model to assess the
capability of the local government in relation to its size and functions, and to develop appropriate
action plans in response.

Information technology framework

The Information Technology Framework provides a high level framework for the effective
management of IT within local government. The framework identifies the elements of IT that
should be considered as a minimum baseline, in managing systems, networks, devices and data,
to ensure that they are secure, protected from risk, adequately tested and controlled, and
developed and maintained in line with corporate objectives.

What is the structure of the IT Framework?

The IT Framework represents the discipline of IT management as comprising seven key

elements. The framework has been designed with four pillars reflecting the four main IT
disciplines, with Governance overarching all aspects of IT at the top of the framework, and
robust project management underpinning the framework. The positioning of Emerging
Technologies and Trends over the four pillars of IT recognizes the role that disruptive
technologies has on the delivery of IT services.
The key elements of the IT Framework are:

1. Governance – the guiding strategies, principles and practices that guide the correct and
effective delivery of ICT, and provides a framework for ICT decision making.
2. Emerging Trends and Technologies – the emerging trends and technologies providing
challenges and opportunities for local government in managing ICT systems and
resources, and delivery of future ICT services.
3. Business Systems and Applications – the software systems and applications used by a
local government.
4. Infrastructure and Technology – the hardware and network infrastructure used to deliver
local government ICT services.
5. IT Business Continuity – the activities undertaken to enable a local government to
perform its key functions and deliver its ICT services.
6. Security – protecting information and systems from unauthorised access, use,
modification, disclosure or destruction.
7. Project Management – the discipline of planning, organising, controlling, and managing
resources to achieve specific goals.

The key elements are each made up of a number of lower level elements. Together, these
elements describe the discipline of managing each of the key elements identified within the
framework. It is important to note that all elements of the framework are interrelated and
consideration should be given to how the elements interrelate when using and implementing the
framework.

Information Technology Framework

Governance

 ICT Strategy and Planning

 Risk Management
 ICT Procurement
 Policy, Process and Procedures
 Performance Measurement
  ICT Resource Management
 Monitoring and Compliance
 ICT Sourcing Models

Emergeing Trends and Technologies

 Social Media
 Smart Phones and Devices
 Bring-Your-Own-Device (BYOD)
 Cloud Computing
 Online Services
 Open Data

Business Systems and Applications

 Software Acquisition
 Software Design and Development
 Software Maintenance and Management
 Business Process Analysis
 Integration
 Software Scoping and Requirements Definition
 Testing and Implementation
 Change Management
 Version Control

Infrastructure and Technology

 Infrastructure and Architecture

 Virtualization
 Capacity Management
 Communications and Network Management
 Data Storage
 IT Asset Management
  Systems Acquisition
 Systems Design and Development

IT Business Continuity

 Disaster Recovery
 Contingency Planning
 Backups
 Replication
 Redundancy
 Data Recovery
 Emergency Response

Security

 Access Management
 Authentication
 Audit
 Remote Access
 Incident Management, Reporting and Response
 Physical and Environmental Security
 Network and Communications Security

Project Management

 Initiation
 Planning
 Execution
 Reporting
 Monitoring and Controlling
 Closing

Defining key elements of the ICT Framework

A definition of the terms used to describe the key elements of the IT Framework is provided in
the following schedule.

Governance

Governance describes the guiding strategies, principles and practices that guide the correct and
effective delivery of ICT, and provides a framework for ICT decision making.

Governance Definitions

Element Definition
ICT Strategy and Planning involves:

Conducting ICT strategic planning

Developing systems and delivering ICT services in line with an approved

ICT Strategy and
ICT Strategic Plan
Planning
Alignment of the ICT Strategic Plan with the Local Government Strategic
and Community Plans

Involving IT in corporate planning.

Risk Management is the identification, assessment, and prioritization of risks
followed by coordinated and economical application of resources to
Risk Management
minimise, monitor, and control the probability and/or impact of unfortunate
events.1
ICT Procurement ICT Procurement involves the acquisition of ICT goods and services.
Policy, Process and Procedures means having documented and approved ICT
Policy, Processes
policies, processes and procedures in place that staff are aware of, have
and Procedures
access to and are actively using.
Performance Measurement is the process for measuring and reporting
Performance
performance of ICT services, often measured through tools such as Key
Measurement
Performance Indicators (KPIs) or service level agreements.
Performance Performance Management is the activities which ensure that goals are
Management consistently being met in an effective and efficient manner.2
Monitoring and Compliance are the measures and controls in place to
Monitoring and monitor compliance of ICT controls, guidelines and procedures. This
Compliance includes audit logging of systems, identification of anomalies and incident
handling provisions.
ICT Resource ICT Resource Management is the efficient and effective use of ICT resources
Management (information, systems, networks, infrastructure, devices and people) to
 deliver ICT services.
ICT Sourcing Models are alternative ways of delivering ICT services.
ICT Sourcing Alternate ICT sourcing models include managed solutions delivered by a
Models service provider, systems hosting by another local government and cloud
computing.

Emerging trends and technologies

Emerging Trends and Technologies provide challenges and opportunities for local government in
managing ICT systems and resources, and the delivery of future ICT services.

Emerging Trends Definitions

Element Definition
Social Media is an online media platform that allows users to generate and
Social Media share content over the internet using technologies that promote engagement,
sharing and collaboration.
Smart Phones and Devices are electronic computing devices that are
Smart Phones and
cordless, mobile and connected to the internet and include smart phones and
Devices
tablet devices.
Cloud Computing is an IT delivery model that allows software, servers and
Cloud Computing storage to be provided over a network or the internet on a pay-as-you-use
basis.
Bring-Your-Own-Device is a hardware strategy that allows staff to use their
Bring Your Own
own personal computing device for work purposes, such as smart phones and
Device (BYOD)
devices.
Online Services is the delivery of local government services over the
Online Services internet, such as online lodgement of customer service requests, building and
development applications, payment of rates, licences and infringements.
Mobile Applications refers to the development and use of mobile
Online
applications to allow local government information and services to be
Applications
accessed using a smart phone or smart device.
Open Data is the concept that government data should be freely available to
Open Data everyone to use as they wish, typically over the internet and/or using a smart
phone or device.

Business systems and applications

Business Systems and Applications refers to all the software systems and applications used by a
local government. 

Business systems and applications definitions

 Element Definition
Software Acquisition is the process of purchasing software, including
Software aquisition
software evaluation and defining user requirements.
Software Design and Software Design and Development is the process of designing and
Development developing software and applications.
Software Maintenance Software Maintenance and Management is the process of maintaining,
and Managament upgrading, supporting and managing software systems and applications.
Business Process Business Process Analysis refers to the process of analysing and
Analysis documenting the business processes of a local government.
Integration of software systems and applications to enable sharing of
Integration
data between systems.
Requirements Definition is the process of identifying and documenting
what the business needs are when acquiring or developing new software
systems or modifications to existing systems.
Requirements
Definition
The requirements should be documented, actionable, measurable and
testable, and related to identified business needs and defined to a level of
detail sufficient for system design.
Software Scoping is the process of defining the purpose, functions and
Software Scoping
features of a software system.
Testing is the process of adequately testing software systems or upgrades
Testing prior to implementation, including test implementation and user
acceptance testing.
Implementation describes the processes involved in getting new software
Implementation operating properly in its environment, including installation,
configuration, running, testing, training and managing change.3

Infrastructure and technology

Infrastructure and Technology refers to the hardware and network infrastructure used to deliver
local government ICT services.

Infrastructure and technology definitions  

Element Definition
Infrastructure refers to the physical IT hardware such as servers,
Infrastructure
network equipment, communications devices.
Architecture refers to the design of the infrastructure environment used
Architecture to interconnect computers and users, including server room and network
design.
Virtualisation is the process of creating virtual (rather than actual)
Virtualisation hardware platforms (server or desktop environment), operating systems,
storage devices, or network resources.4
Capacity Management Capacity Management is the process of managing IT resources to
 ensure resources such as disk space, memory and processing capability
meets current and future business requirements in a cost-effective
manner.5
Communications and Network Management are the activities involved
Communications and
in managing a local government's local and wide area network,
Network Management
including data, voice and internet communications.
Data Storage means disk or network storage space, memory or media
Data Storage
required to store digital data.
IT Asset Management is the practice of effectively managing the life
cycle of software and hardware assets, including acquisition,
IT Asset Management
implementation, maintenance, utilisation, and disposal to support
strategic IT decision making.6
Systems Acquisition is the process of purchasing systems hardware and
Systems Aquisition network equipment, including defining business requirements and
system evaluation.
Systems Design and Development is the process of designing and
Systems Design and
developing hardware platforms, networks and infrastructure
Development
architecture.

The IT business community

IT business continuity describes the activities undertaken to enable a local government to

perform its key functions and deliver its ICT services.

IT business community definitions

Element Definition
Disaster recovery involves all activities required to restore a system, service or
Disaster
data to its state prior to a disaster, or the closest achievable state depending on
Recovery
the success of the disaster recovery operation.
Contingency Contingency planning refers to planning for alternative business outcomes to
Planning mitigate against risk.
Backups is the process of backing up data and systems and storing them offsite
Backups
to ensure that data and systems can be recovered as required.
Replication involves replicating data and systems to a secondary site to provide
Replication
resiliency and business continuity in case of an unplanned event or disaster.
Redundancy of systems, networks and communications links to mitigate risk
Redundancy
and provide resiliency and business continuity.
Data recovery is the process involved in restoring data following an unplanned
Data Recovery
event or disaster.

Security
Security means protecting information and systems from unauthorised access, use, modification,
disclosure or destruction.

Security definitions 

Element Definition
Access management involves the management of user access to systems,
Access Management including assigning and revoking privileges and permissions,
authentication and authorization procedures.
Authentication is the process by which users are identified on a system or
Authentication
network.
Audit refers to the examination of the management controls within IT
infrastructure, to determine if the information systems are safeguarding
assets, maintaining data integrity, and operating effectively to achieve the
Audit
local governments’ goals or objectives. An IT audit may be performed in
conjunction with a financial statement audit, internal audit, security
incident or breach.7
Remote access is the provision of access to a local government's
information systems to staff working outside of the main administration
center or wide area network. This can include from the works depot,
Remote Access museum, recreation Centre, or staff working from home. Remote access
is typically provided over the internet and secured by technologies such
as a virtual private network, terminal services, virtual desktop solutions
(e.g. Citrix or VMware) and/or remote desktop.
Incident Management, Incident management, reporting and response involves identifying,
Reporting and analyzing, reporting, and responding to IT security incidents including
Response taking corrective and preventative action.
Physical and environmental security refers so providing adequate
physical and environmental protection for a local government's ICT
assets to prevent unauthorized access, use or destruction.
Physical and
Physical security describes the physical measures to deny access to IT
Environmental
systems, networks and information from unauthorised persons.
Security
Environmental security includes all other non-physical security measures
to systems, networks and information, such as virtual private networks,
antivirus and other malware strategies and redundancy.
Network and Network and communications security involves taking measures to
Communications secure local and wide area networks, voice communications and internet
Security links.
Change Management Change management from an IT security perspective, is the process for
directing and controlling alterations to the information processing
environment. This includes alterations to desktop computers, the network,
servers and software, but typically refers to changes in
 processes and workflows that can become disruptive if not managed
properly.
Version control is the process of managing multiple versions of software
Version Control
and electronic files.

Project management

Project management is the discipline of planning, organizing, controlling, and managing

resources to achieve specific goals.

Project management definitions 

Element Definition
Project Project initiation is the process of defining the scope of the project. May involve
initiation establishing the scope, a project charter, and preliminary project plan.
Project planning refers to the process of establishing a project plan detailing how
a project is to be accomplished within a certain timeframe and with given
Project
resources. A project plan usually identifies various milestones and/or stages of a
planning
project and the timeframes in
which they are to be completed.
Project execution refers to the process of carrying out or implementing the
Project
project. Project Execution is the implementation phase of the project plan, and is
execution
commenced once the project planning phase is complete.
Monitoring and controlling refers to the process of monitoring progress of the
Monitoring and
project with regard to the project plan, and controlling resources to ensure
controlling
delivery of the project on time and within budget.
Project closing is the process of completing project deliverables, reviewing the
Project closing outcome of the project against objectives, documenting the lessons learnt,
archiving project records and releasing project resources.8

 8.'Project Management', Project Management Institute, taken 24/9/2012.

Getting started – implementing the ICT Strategic Framework

The ICT Strategic Framework identifies the key elements for the effective management of
information and technology, to ensure that corporate information and ICT systems are secure,
protected, tested, controlled, developed and maintained in line with corporate objectives and
respond to emerging trends. The information required, processes and outputs of the ICT Strategic
Framework are detailed below:
What information do I have to gather?

The following information should be gathered before the ICT Strategic Framework is
implemented. It is important that initial planning occurs to ensure that your local government is
able to fully implement the framework and gain a clear understanding of current capacity.

ICT Supporting Documentation – Identify what strategies, plans, policies, and procedures
outlined in the ICT Strategic Framework your local government already has in place.

Local Government Strategic Community Plan – In implementing the ICT Strategic Framework it
will be beneficial to understand the long term vision of your local government and the role that
ICT contributes to that. This will assist you to develop action plans that are appropriate to your
local government in terms of your present position on the ICT Maturity Model, and where your
local government aspires to be.

Challenges and Opportunities – Identify what challenges and opportunities the ICT Strategic
Framework presents your local government.
– What are the key ICT issues facing your local government?
– How can implementation of the ICT Strategic Framework assist in addressing these issues?
– What are the IT and IM risk factors facing your local government?
– What are the priority areas for implementation of the ICT Strategic framework?

Internal and External Trends/Issues – What are the internal and external issues and trends that
may influence implementation of the framework?

ICT Resourcing Capability – Understand the capacity and capability of your local government to
implement the ICT Strategic Framework, with the ICT resources that you have available. The
framework provides templates, example policies, strategies, plans and other key documents that
your local government may adopt or adapt to suit your requirements.
What do I have to do?

During implementation of the ICT Strategic Framework, the following steps may be useful:

 ICT Maturity Model – Complete the ICT Maturity Model self-assessment tool provided.
 ICT Baseline – Determine where your local government is on the ICT Baseline standard.
 ICT Risk Assessment – Conduct an ICT risk assessment based on where your local
government is on the ICT maturity model and ICT Baseline.
 Priority Areas – Identify priority areas for implementation of the ICT Strategic
Framework.
 ICT Resource Capability Analysis – Conduct ICT resource capability analysis to
determine your capability for implementing the ICT Strategic Framework.
 Action Plans – Develop an action plan appropriate for your local government.

What do I end up with?

 Key ICT documents such as policies, plans, strategies and registers required as a
minimum baseline to enable effective management of ICT within local government.
 A self-assessed classification of ICT maturity on the local government ICT Maturity
Model.
 An understanding of where your local government is on the ICT Baseline.
 An action plan to target key areas under the ICT Strategic Framework.

Information Technology Supporting Documentation

The Information Technology Framework Supporting Documentation supports the Information

Technology Framework by identifying the types of documents (strategies, policies, schedules
and plans) that should be in place to effectively manage information, communications and
technology. The supporting documentation schedule identifies the baseline IT standard for local
government, which is the proposed minimum standard for managing local government
information technology.

Emerging IT
Infrastructure
Governan Trends and Business Systems Business Project
and Security
ce Technologi and Applications Continuit Management
Technology
es y
Business
Case*

Project
Systems Schedule**
ICT
Documentation*
Acceptable
Project Risk
ICT Usage Policy*
Social Systems Test and Register**
Strategic
Media Implementation IT Security
Plan* Systems IT
Policy** Plans** Policy* Project
Documentation Disaster
Communicati
ICT ** Recovery
Online Website and Password on Plan
Annual Plan*
Services Intranet Business Policy*
Business IT Asset
Plan** Plan Project
plans* Register** Backup
Security Statement
Policy*
Cloud Website Audit (defines
Risk IT Asset
Computing Accessibility Policy scope and
Manageme Management IT Risk
Policy Policy deliverables)*
nt Strategy Plan** Assessme
Incident
and Plan* nt
Bring- Systems Upgrade Response Project Status
IT Asset Matrix**
Your-Own- Policy Policy Report**
Internal Replacement
Device
KPIs and Policy IT Risk
Policy Software Asset Incident Project Issues
Service Mitigatio
Management Manageme Register**
Level Infrastructure n Plan**
Open Data Policy nt Plan**
Agreement Capacity Plan
Policy Project
s
Change Quality Plan
Virtualisation
Management/Vers
Policy**
ion Control Policy Project Plan*

Post
implementati
on Review**
Asterisks represents suggested minimum requirements to meet the standards below. Those
without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be
determined by each local government based on its size and specific business requirements.

* ICT Baseline standard

** Intermediate (Recommended) standard

What is information management?

Information management is the term used to describe all activities concerned with the use of
information in all its forms. More formally, information management is defined as the means by
which an organisation plans, identifies, creates, receives, collects, organises, governs, secures,
uses, controls, disseminates, exchanges, maintains, preserves and disposes of its information; as
well as any means through which the organisation ensures that the value of that information is
identified and exploited to its fullest extent.

What is the Information Management Framework?

The Information Management Framework provides a high level framework for the effective
management of information within a local government. The framework identifies the aspects of
information management that should be considered to ensure that information is captured, stored,
accessed maintained and disposed of securely and effectively.

The Information Management Framework has been adapted for Western Australian local
governments from the Queensland Government Information Management Policy Framework,
developed by the Queensland Government Information Office. The Framework represents the
discipline of Information Management as comprising seven key elements:

1. Knowledge Management – the practice of extracting extra value from our information,
including analysis and reporting.
2. Governance – policy, governance, architecture and direction for information and
information management.
3. Security – confidentiality, integrity and availability of information in line with ISO 27001
and other relevant standards.
 4. Information Asset Management – full lifecycle management of information as an asset
and classifying and cataloguing it so it can be found and used.
5. Information Access and Use – sharing, licensing and use of information so it's easy to
find and able to be exploited as widely as possible.
6. Record Keeping – ensuring legislative and regulatory requirements are met in the
handling of our information.
7. Data Management – management and maintenance of the data that underlies our
information.

The framework has been designed with Knowledge Management as the highest level and Data
Management as the lowest level activity with Record Keeping in the middle representing that it
is central to all information management activities. Governance and Security apply to all aspects
of the framework. The key elements are each made up of a number of lower level elements.
Together, these elements describe the discipline of managing each of the key elements identified
within the framework.  It is important to consider how the elements interrelate when using and
implementing the framework.

Information Management Framework

Information
Knowledge Information
Governanc Information Asset Record Data
Managemen Access and
e Security Managemen Keeping Management
t Use
t
Business Information Access Information Access and Records Data
Intelligence Managemen Management Asset Accessibility Managemen modelling
t Strategy Classificatio t
Data mining Authenticatio n Intellectual Data
Information n Property Capture and Integration
Knowledge Managemen Meta data Creation
transfer t Policy, Security Licensing and Data
Principles Audit Custodianshi Rights Collection Cleansing
Analytics and p Management Managemen
Architectur Remote t Data De-
Reporting e Access Privacy and duplication
Confidentialit Retention
Succession Information Incident y and Data
Planning Risk Detection, Disposal Warehousing
Managemen Management, Copyright
Meta t Reporting Conservatio Data
 Conversion
Sharing and
Information and 
Exchange
Quality and Response n and Transformatio
Managemen Preservation n
Search and
t Physical and
Discovery
Environment Archiving Data Quality
Information al Security and Integrity
knowledge Pricing
Governance Retrieval
processes Change and Access Data Capture
Publishing
Management
Monitoring / Version Digital Data
Freedom of
and Control Continuity Migration
Information
compliance
(FOI)
Data Format

Defining the key elements of the Information Management Framework

A definition of the terms used to describe the key elements of the Information Management
Framework is provided in the following schedule. The definitions of the Information
Management Framework have been taken from (and in some cases adapted from) the
Queensland Government Information Management Policy Framework Definitions, 2009.

Information governance

Information governance is the system by which the current and future use of information and its
management is directed and controlled.9

Information ggovernance definitions

Element Definition
Information management strategy defines the future strategic direction
for the utilization and management of information as a valued core
Information strategic asset.
Management Strategy
and Planning Information management planning is concerned with ensuring that
information and its management aligns with strategy and conforms to
legislative and policy requirements.
Information
Information management policy, principles and architecture provide
Management, Policy,
direction and guidance with respect to information management
Principles and
activities, ensuring alignment with business requirements.
Architecture
Information Risk Information risk management adapts the processes and practices of risk
Management management and applies it to information management.10
Information quality management adapts the generic activities of quality
Information Quality
management (i.e. coordinated activities that direct and control)
Management
information management.11
Information governance processes are the specific processes that
Information Governance
deliver information governance including the assigning of information
Processes
governance roles and responsibilities.
Monitoring and compliance are the measures and controls in place to
Monitoring and monitor compliance of information management controls, guidelines
Compliance and procedures. Includes audit logging of systems, identification of
anomalies, incident handling provisions.

9. 'Information Governance', Standards Australia, ISO/IEC 38500:2008 Corporate Governance

of Information Technology, 2008, p. 6.
10. 'Risk Management', adapted from Queensland Government Chief Information Office, Best
Practice Guide: Information Risk Management, 2002, p. 4-5.
11. Information Quality Management', Standards Australia, AS/NZS ISO 9000: 2006 Quality
management systems – Fundamentals and vocabulary, 2006, p. 9. 

Knowledge management

Knowledge management is concerned with improving organizational outcomes and learning,

through maximizing the use of knowledge and capturing and applying learnings.

Knowledge management definitions

Element Definition
Business Business intelligence is concerned with supporting better decision making by
Intelligence analysing internal and external information.
Data mining is concerned with retrieving hidden patterns and relationship from
Data Mining
data.
Analytics is concerned with the application of rigorous statistical tools and
Analytics
techniques to an agency's information in order to improve decision making.
Data Data warehousing is concerned with collecting and storing data to support
Warehousing decision-making.
Knowledge Knowledge transfer is the process of transferring knowledge from one part of
Transfer the organisation to another, to ensure its availability for future users.12
Reporting in this context is concerned with large scale report generation from
Reporting
data warehouses.
Meta-knowledge Meta-knowledge is knowledge about knowledge.
Succession Succession planning is the planning for the retention and transfer of knowledge
Planning within the organisation as part of the succession planning process.

Information asset management

Information asset management is concerned with valuing and managing information assets with
the same rigour as that applied to other strategic assets.

Informationasset management definitions

Element Definition
Registration is the recording of an information asset in a repository for
Registration information management purposes for example, an Information Asset
Register.
Information asset classification is the arrangement of information into groups
Information Asset or categories according to established criteria, such as public, sensitive,
Classification private or confidential.13  An example of criteria for arranging information
assets is the Keyword AAA.
Metadata is data that describes the information asset such as file name,
Metadata
author, title, date, subject, location.
Information custodianship is the assigning of responsibilities to an individual
(or group), who ensures that the information asset is appropriately identified
Custodianship
and managed throughout its lifecycle and is accessible to appropriate
stakeholders.

Information access and use

Information asset access and use management is concerned with how information is to be
accessed, exchanged and used, by whom and on what terms.

Information access and use definitions 

Element Definition
Access and accessibility is concerned with both:

Access and How access to government information is maximized for use and reuse.
Accessibility
Ensuring that all reasonable steps are taken to minimize social, economic and
geographic disadvantage to accessing information.
Intellectual Intellectual Property protects the legal rights resulting from the original,
Property creative and intellectual effort of individuals and organizations. Government
copyright protected information has many forms, including public sector
information, literary and artistic works,
computer programs, databases, film and sound recordings; along with
 intellectual property in inventions, plant breeder's rights, circuit layouts,
trademarks and designs.14
Licensing and Licensing is concerned with determining and managing the rights of use of
Rights government information to be granted under a licence. For the purpose of this
Management framework, licensing includes rights management.
Privacy in the context of information management, is how personal
information is collected and handled by government. This extends to an
Privacy and
individual's right to privacy and to access and amend their personal
Confidentiality
information. Confidentiality is the practice of ensuring that information is
only accessible to those authorised to have access.15
Copyright law grants exclusive rights to creators of original works of
Copyright
authorship.16
Sharing and exchange is concerned with the sharing or exchanging of
Sharing and
information between local governments, with other government and other
Exchange
organizations.
Search and discovery the process of searching and identifying all relevant
Search and
documents, data and information, such as required when handling requests
Discovery
under the Freedom of Information Act (1992).
Pricing is concerned with the transparent and consistent pricing of
Pricing
government information.
Publishing is concerned with assembling information into a desired format
and disseminating it to a wide target audience, generally the public.
Publishing
Examples of the output of publishing include an agency website or a
Government Gazette.
Freedom of Information relates to providing access to documents and
information under the Freedom of Information Act (1992).
Freedom of
Under the FOI Act, local governments are required to assist the public to
Information (FOI)
obtain access to documents at the lowest reasonable cost and to ensure that
personal information held is accurate, complete, up to date and not
misleading.17

Recordkeeping

Recordkeeping is the process of making and maintaining complete, accurate and reliable
evidence of business transactions in the form of recorded information.18

Recordkeeping definitions 

Element Definition
Records The efficient and systematic control and maintenance of records, including the
Management maintenance of their integrity and authenticity.
Record Creation The act of bringing into existence and/or accumulating evidence of business
and  Capture activities, i.e. records, and undertaking a deliberate action which results in the
 registration of the record into a recordkeeping system.
In the context of this framework, collection management is concerned with
managing a collection of information throughout its lifecycle. Examples of
collections include:
Collection
ƒƒ collections that are permanent in nature (e.g. archives)
Management
libraries

Museums.
Archiving is the process of transferring inactive records from current storage
Archiving
areas to a repository for long-term storage, preservation and access.19
Retrieval and access of records is concerned with ensuring there are
Retrieval and
appropriate means of finding, retrieving, using and making sense of the
Access
records.
Retention and disposal is concerned with defining the temporary or permanent
Retention and
status, retention periods, disposal triggers and consequent disposal actions
Disposal
authorized for classes of records.
Conservation embraces those processes or actions necessary to ensure the
continued survival of collections without further degradation. Preservation is a
Conservation
conservation activity involving processes and operations for both physical and
and Preservation
electronic material that prevent loss of information and minimises any
deterioration over time.
Digital The planning and processes for ensuring digital records remain accessible
Continuity despite the obsolescence of hardware and software formats and media.

Data management

Data Management is concerned with valuing and managing data as a strategic asset of local
government with the same rigour as that applied to other strategic assets.

Data management definitions

Element Definition
Data modelling is a method used to define and analyse the data
Data Modelling requirements needed to support local government processes and service
delivery.20
Data integration is the process of combining data residing at different
Data Integration
sources and providing the user with a unified view.21
Data Quality and Integrity is an assessment of data's trustworthiness and
Data Quality and
fitness for purpose, with respect to its accuracy, completeness, timeliness,
Integrity
relevance, transparency and consistency.22
Data cleansing is concerned with detecting and correcting or removing
Data Cleansing
corrupt or inaccurate data.23
 Data de-duplication is concerned with the elimination of redundant data to
Data De-duplication
reduce required storage capacity and establish a source of truth.24
Data capture is concerned with the collection, manipulation, interpretation
Data Capture
and storage of data.
Data migration is concerned with transferring data between either storage
Data Migration
types, formats or computer systems.25
Data type is the classification identifying the type of data (e.g. real-valued,
integer or Boolean), the possible values for that type; the operations that
can be done on values of that type; the meaning of the data; and the way
Data Type and
values of that type can be stored.26
Format
Data formats define the standard way that information is encoded in a
computer file, such as .doc, .xls, .jpg.27
Data conversion is the process of converting data from one format to
another.28
Data Conversation
and Transformation
Data Transformation converts data from a source data format into
destination data.29
Data warehousing is concerned with collecting and storing data to support
Data Warehousing
decision-making.

Information Management Framework ssupporting documentation

The Information Management supporting documentation supports the Information Management

Framework by identifying the types of documents (strategies, policies, schedules and plans) that
should in place as a baseline, to effectively manage information. Information
Management Framework supporting documentation 

Informatio
Informatio Data
Governan Knowledge Information n Asset Record
n Access Manageme
ce Management Security Managem keeping
and Use nt
ent
Informatio Information Information Manageme Privacy Record Data Entry
n Management Security Policy* nt Policy Policy* Keeping Standards
Governanc Strategy** Plan*
e Policy Information Informatio FOI Document
Succession Security Audit n Asset Information Retention Naming
Informatio Planning/Workf and Review  Register Statement* and Convention
n orce Plan** Schedule** Disposal
Manageme Informatio Data Schedule*
nt Policy n Asset Confidential
Custodian ity Digitization
Informatio Policy Agreement* Policy*
 Digital
Record

Keeping (of
* source
n
records)
Manageme
Data Policy**
nt
Sharing
Standards
Agreements Recordkeepi
ng for
Social
Media
Policy**

Asterisks represent the suggested minimum requirements to meet the standards below.  Those

without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be
determined by each local government based on its size and specific business requirements.

* ICT Baseline standard

** Intermediate (Recommended) standard