Assessing information management functionality in business systems
The Digital Continuity 2020 Policy plays a key role in supporting the Australian Government’s digital transformation initiatives, by assisting agencies to fully understand and realise the benefits of their information assets and ensuring that information is available and usable for as long as it is required.
The Business System Assessment Framework provides a consistent, streamlined, risk-based approach to the assessment of information management functionality in business systems. It is based on Part 3 of ISO 16175 Principles and Functional Requirements for Records in Electronic Office Environments.
The Business System Assessment Framework
The Business System Assessment Framework will enable your agency to better manage its business information through:
- assessing information and data risks and values
- identifying the systems functionality required to manage information and data appropriately
- providing solutions to address gaps in a system's ability to manage information and data
- ensuring greater accountability and transparency.
The framework recognises that not all information and data is of equal value. It has been developed so that business systems managing high-risk or high-value information and data undergo a more extensive assessment than systems managing low-risk or low-value information and data.
The framework can be used to build functional specifications for new systems and applied to existing systems. It is suitable for use by information management practitioners, business owners and ICT staff.
Note: The framework does not apply to Electronic Document and Records Management Systems (EDRMS) as they are covered by Part 2 of ISO 16175 Principles and Functional Requirements for Records in Electronic Office Environments, which requires more comprehensive functional requirements than Part 3.
Online tool pilot
To complement the Business Systems Assessment Framework suite of products, the Archives is piloting an online tool to further support agencies to assess the information management functionality of their business systems. The tool has been designed to:
- make it easier to consistently assess the information management functionality in business systems
- seamlessly guide users through the framework
- provide evidence that appropriate rigour has been undertaken assessing functionality
- identify risks and potential issues associated with a lack of information management functionality.
- assist development of system information management plans.
We welcome your feedback about the usability or content in the online tool through the Agency Service Centre.
Before you begin
The framework is part of a larger suite of information governance tools. To assist with assessing your business systems, you should have:
You need to identify the systems in your agency. One way of doing this is to create a systems register listing all the business systems in use in your agency including any legacy systems. The register should list key details about the system including name, version, business owner and a summary of the type of information held. It should also indicate where systems are linked to, and relied on by, other systems. The details in the systems register will help you to prioritise which systems to assess. High-risk and/or high-value systems should have priority.
Identifying all the systems in use will help you keep track of where you are up to with your assessments. If you do not have a systems register, a good place to start to identify systems would be your ICT area. You may also be able to draw on information from your business continuity plan, Check-up Digital assessments or information review findings.
System information management plan
The assessment of each system should be documented in a system information management plan template The plan should:
- link to your systems register and other information governance documents
- cover all relevant information about the system including software, business owners, how it will be managed over its life and details about its assessment against the framework
- extend to systems and technology hosted in the cloud, or via social media and mobile devices.