Last updated:

What is information management

Information and data are included in the definition of 'record' under the Public Records Act 1973 and must be managed in accordance with PROV Standards, including relevant Retention and Disposal Authorities.

In a digital world, information may refer to part of or all content in a message, chat, document, photograph, image, map, database, system, or other collection of facts. Information management is the way in which an organisation creates, receives, collects, governs, organises, secures, controls, identifies, uses, spreads, maintains, preserves and disposes of its information.

 

Why is it important to manage information well?

Information is critical in every aspect of business.

Without accurate information that is relevant to business functions and operations, the organisation will fail. Operations will be ad hoc, inconsistent, inaccurate and misleading. Accountability will be impossible, as actions will not hold up when investigated.

When information is managed well, it is accurate, reliable, understandable, useable and can explain and justify decisions.

Information must be documented in context to remain understandable and useable. Context includes details about:

  • the technologies used to capture the information
  • the processes the information was generated, managed and used within
  • the web of rules that the information is bound by (including policy and technical requirements)
  • the time period it was captured, managed and used in, by whom, and for what purpose.

Ways to document context include classification schemes, naming conventions, procedures, metadata schemes and technical specifications. 

 

How is information managed?

The primary aim of information management is to ensure the right information is available to the right person, in the right format and medium, at the right time. It is also the means through which the organisation ensures the value of that information is identified and utilised.

The Victorian Government Information Management Framework provides a shared direction for government and agency information management practice. It is the basis for the information management maturity assessment program (IMMAP) administered by PROV. Questions used in the IM3 tool as part of IMMAP are based around five areas (or dimensions) of information management. They are:

  • People
  • Organisation
  • Lifecycle and Quality
  • Business Systems and Processes
  • Data Integrity.

Information management maturity

The People dimension of information management refers to the responsibilities, capabilities, knowledge and skills that individuals need for information to be managed well.

Every staff member should be aware of their information management responsibilities. These include understanding the information needs and obligations of the organisation and its stakeholders, as well as the role and value of information as assets within the organisation.

Staff need to develop and maintain the skills and knowledge required to use and manage information responsibly, effectively and in proportion to their roles. Skills and knowledge require constant updating to remain relevant, especially as technologies used are in a state of continuous change.

Information management capabilities include being able to locate, access, understand and use information to carry out actions and make decisions effectively in relation to the business functions that staff are undertaking.

The Organisation dimension of information management refers to the structures in place that enable information to be managed consistently and in line with the Organisation's strategic direction.

A governance committee or similar structure can provide overall strategic direction regarding information management for the organisation. This enables mechanisms for accountable decision making and compliance with requirements to be aligned across the organisation.

Apart from information management, the committee should include representatives from other relevant areas of the business, like data management, information technology, cyber security, privacy and procurement. The committee enables ownership and leadership to be clear across the organisation and coordinates actions when addressing areas of significant risk.

An information management strategy captures an organisation's vision for its desired information management environment, provides a roadmap to achieving this vision and aligns with the organisation's broader environmental context.

Strategically aligning information management with other business strategies assists with communicating the importance of information management to all business areas (including the executive) by showing how information relates with specific business functions, processes and actions. It also enables potential conflicts between business strategies to be identified and addressed.

Regular audits can identify gaps or problems and help with the development of effective solutions. Reporting audit results to the executive and relevant business units enables the necessary improvement or remedial actions to be supported, undertaken and for progress to be monitored.

The Lifecycle and Quality dimension of information management refers to the mechanisms required for information to be accurate, relevant and managed effectively across its lifespan.

An information asset register documents information as assets so they can be effectively managed as part of an asset management program. This includes documenting links between the assets and information requirements, ownership and lines of responsibility, key technical requirements, and whether the asset is high value or high risk. Once the assets are documented in the register, they can be managed in accordance with their value and needs over their lifecycle using policy and procedures.

Information management policy addresses broader requirements of Victorian government within the context of the organisation. Victorian government requirements include the Standards provided by PROV, the Office of the Victorian Information Commissioner and Department of Government Services.

Procedures place requirements within the context of specific processes to address business and user needs. An information needs analysis can be conducted to ensure that staff have access to information that meet their current and future needs. Results will provide a framework for future action, including risk mitigation.

Information usability addresses how accurate and relevant information is collected, organised, described, presented, defined and shared. Information reuse addresses the ability of organisations to share information using common standards and licenses. Victorian government encourages the reuse of information where practical. For more information on reuse, see the data access policy provided by DataVic.

The Business Systems and Processes dimension of information management refers to the tools used for information to be available and remain relevant to business functions.

Information architecture is the design, arrangement and layout of an organisation's information and the inter-relationships of information systems. It outlines how an organisation's information and records must be described and organised, making it easier for information to be delivered in the correct context to the right people. Information architecture may be related to other architectures that make up the organisation's enterprise architecture.

Information is likely to be held in several different systems. Business processes and systems described in the architecture need regular review as part of a program of improvement. Systems should be effectively managed over their life, from acquisition to decommissioning, to ensure their integrity, reliability and performance. Legislative and regulatory requirements also need to be addressed, including privacy and security. For information on privacy and data security, refer to the Office of the Victorian Information Commissioner, and for health records refer to the Health Complaints Commissioner.

Documenting technologies, including how and when they are used, enables them to be explained, audited and reported on. Organisation's should plan for rapid technological change as systems, applications and platforms are updated, adjusted and become obsolete. Plans may need to address changing access requirements, migration of information, and application or adjustment of essential policy such as retention and disposal authorities.

Any system that manages information must ensure that records:

  • can be proven to be genuine
  • are complete, accurate and can be trusted
  • are secure from unauthorised access, alteration and deletion
  • are findable and readable
  • are related to other relevant records.

The Data Integrity dimension is a reminder that information management cannot be undertaken in isolation, as information contains data and is related to data.

Authorised users need to have access to data and associated assets when required and trust the data is accurate and appropriate. The Victorian Government Data Quality Standard provides an agreed approach to setting and maintaining the quality of data assets. Open data is data that has been made freely or publicly available for use and reuse as long as the source is attributed.

For data sharing, integration and interoperability to occur, the various systems concerned need to be able to communicate with each other. This requires an understanding of related factors such as migration and conversion strategies, metadata schemes, long-term sustainable formats, recordkeeping, retention and disposal policies and risk management.

When embedded in organisational systems, processes, tools and practices, data ethics are designed to minimise harms and promote accountability, transparency and trustworthiness. Ethics also apply to the people that use, monitor, develop and implement systems, processes, tools and practices (for example, public sector personnel must abide by the VPS code of conduct).

To minimise the risk of harm, ethical frameworks should be in place when Artificial Intelligence (AI) technologies are used. For example, the Federal Department of Industry, Science and Resources has a set of eight AI ethical principles to be achieved.

Indigenous Data Sovereignty is the right of Indigenous Peoples to own, control, access and possess data that derive from them, and which pertain to their members, knowledge systems, customs, resources or territories. For information on indigenous data sovereignty refer to the National Indigenous Australians Agency.

Material in the Public Record Office Victoria archival collection contains words and descriptions that reflect attitudes and government policies at different times which may be insensitive and upsetting

Aboriginal and Torres Strait Islander Peoples should be aware the collection and website may contain images, voices and names of deceased persons.

PROV provides advice to researchers wishing to access, publish or re-use records about Aboriginal Peoples

Learn more