MANAGING DIGITAL CONTINUITY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "MANAGING DIGITAL CONTINUITY"

Transcription

1 MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56

2 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance for and how should I use it?... 5 What is the context of this guidance?... 5 What is the status of this guidance?... 6 Part 1: Understanding digital continuity Digital continuity: an introduction Digital continuity in brief Digital continuity in practice The impact of change on digital continuity Ensuring digital continuity The benefits of ensuring digital continuity Part 2: What you need to do Managing digital continuity Overview of managing digital continuity Stage 1: Understand digital continuity and recognise the need for action Why you need a whole organisation approach to ensuring digital continuity Actions to take Stage 2: Identify your information assets, IT environment and information utility Why you need to understand your information assets, IT environment and information utility Understanding the relationships between your information assets, utility requirements, and technical environment Actions to take Stage 3: Assess and manage risks to digital continuity Why you need to manage risks to digital continuity Actions to take Stage 4: Manage digital continuity through organisational and technological change Why managing change is key to digital continuity Actions to manage changes that could impact on digital continuity Actions to reduce the potential impact of change on digital continuity Actions to mitigate risks to digital continuity Actions to restore digital continuity Part 3: Who needs to do it Roles and responsibilities for ensuring digital continuity Digital Continuity Senior Responsible Owner (SRO) Senior Information Risk Owners (SIROs) Responsibility Chief Information Officers (CIO) Information Assurance (IA) programme managers and other IA professionals Risk Managers Page 2 of 56

3 3.6 Head of KIM KIM professionals working in the Information and Records Management areas Information Asset Owner (IAO) Chief Technology Officers (CTOs) Enterprise Architects/IT strategists IT Service Managers Procurement managers and commercial and contract managers Business Change Managers, Project and Programme Managers Part 4: How to measure success The digital continuity success model Further reading Page 3 of 56

4 Introduction What is this Guidance about? Digital continuity is the ability to use digital information for as long as you need to, and in the way that you need to, over time and through change. Ensuring digital continuity requires active intervention or information can easily become unusable a liability not an asset. Digital information is particularly vulnerable to loss of usability due to the fast pace of technological change, the complexity of digital systems and services, lock-in to proprietary formats, and the ever-increasing amounts of digital information we create and rely upon. Managing digital continuity should not be seen as a distinct activity, separate from what your business does now. It is not necessarily about new technology and expenditure; it is about managing digital information and business change in a way that ensures the continuity of your information so that you can use it as you want, when you want. Digital continuity means managing risks and maximising cost effectiveness This is pressing because, more than ever, change will be the only constant for Government departments and the wider public sector. And it is when your business needs, technical environments and organisational structures change that you can lose the effective use of essential digital information. Ensuring digital continuity must therefore be an integral part of change management, information management, IT management and information assurance. is developing a service for government, and the wider public sector, that will enable you to assess your specific digital continuity risks and issues, and to plan and take action. This includes a suite of practical, accessible guidance, and a commercial framework of tools and services. This guidance on provides an introduction to Digital Continuity, how it can be ensured, and the roles that need to be involved, and their responsibilities. Page 4 of 56

5 Who is this guidance for and how should I use it? This guidance is aimed at the person or role within an organisation that has been given overall responsibility for ensuring digital continuity the Senior Responsible Owner for digital continuity. The guidance provides an introduction to digital continuity and should be used to: Inform and educate staff on digital continuity Establish roles and responsibilities and a team for taking forward action to ensure digital continuity Begin preparation for assessing and managing risks to digital continuity Take the first steps to embedding digital continuity in Information Management and IT change management This guidance will also be of use for staff with a role in managing digital continuity, such as: Senior Information Risk Owners (SIROs) Chief Information Officers (CIOs) Chief Technology Officers (CTOs) and IT professionals Knowledge and Information Managers (KIM professionals) Information Assurance (IA) Programme Managers Information Asset Owners (IAOs) Change Managers, Programme and Project Managers What is the context of this guidance? This guidance on is part of a suite of practical, accessible guidance that is being delivered as part of the Digital Continuity service for government. We are producing guidance incrementally and in consultation with central government departments. This guidance is part of the high-level, first phase, designed to give you a clear overview of the types of activity and outcomes required to ensure digital continuity. As we work more closely with departments to understand their specific risks and issues, we will produce more detailed and specific guidance. For more information, visit Page 5 of 56

6 What is the status of this guidance? This is a consultation draft, and we welcome feedback to inform the next phase of guidance development. We are also keen to hear about examples of good practice and lessons learned. Please your comments to We will be developing more detailed guidance on how to undertake many of the actions outlined in this document in the next phase of guidance development Page 6 of 56

7 EXECUTIVE SUMMARY This guidance is for your organisation s senior responsible owner for digital continuity. It introduces you to the concept of digital continuity, why it is so important and the high level principles of managing it making sure that information essential to your business is complete, available and usable, and remains so over time and through periods of change. Digital continuity is firmly aligned with or embedded into wider government priorities and agendas, such as the operational efficiency programme, the National Information Assurance strategy and Information Assurance Maturity Model, and the revised Section 46 Code of Practice. This guidance suggests a four stage process your organisation could follow in order to assess and address digital continuity risks and issues, and gives more detailed actions in each section. You may find that you don t need to undertake every action given it will very much depend on the outcome of your digital continuity risk assessment, your risk appetite and your business requirements. But they should give you a clearer idea of the types of action you might consider. The guidance also outlines the types of roles you might want to involve in order to take the cross-organisational and cross-disciplinary actions required and outlines each role s responsibilities and drivers for action. Finally, it gives you success criteria so that, at each stage, you will be able to monitor progress against key performance indicators, and assess if you are successfully managing your digital continuity. By going through the four-stage approach outlined on the next page you can be confident that you are managing digital continuity coherently and effectively. You can tailor activities to suit your organisation s specific requirements and priorities, but each of the stages should help you to understand, assess and address risks to digital continuity, any existing issues, and embed digital continuity management in your organisation. Page 7 of 56

8 1. Understand digital continuity and recognise the need for action Ensure your Senior Information Risk Owner (or equivalent) is aware of digital continuity Assign a Senior Responsible Owner (SRO) for managing digital continuity Ensure Information Technology (IT), Information Assurance (IA) and Knowledge and Information Managers (KIM) managers understand digital continuity and their responsibilities Establish a multi-disciplinary team to take action Engage IT providers on the issues, and their responsibilities Include managing digital continuity as a driver in relevant strategies Build a business case for further action 2. Identify what information assets you have, their technical environment and how you want to use them Get SIRO agreement to use your Information Asset Register (IAR) to support managing digital continuity Identify your information assets Define the business utility of your information (how your business needs to use the information it has) Understand the technical environment supporting your information Compile a full Information Asset Register Ensure your information assets have accountable owners Identify areas of potential risk Identify savings and efficiencies 3. Assess and manage risks to maintaining digital continuity Create a framework for managing risk Undertake a risk assessment Create and implement a prioritised digital continuity action plan Embed ongoing digital continuity risk assessment Page 8 of 56

9 4. Manage digital continuity over time and through organisational and technological change Assess the impact of organisational or business change on digital continuity Assess the impact of asset, information management or IT change on digital continuity Reflect digital continuity in business plans and enterprise architectures Standardise your technical environment Embed digital continuity in the management of your information assets Take action to mitigate the risks to digital continuity Resolve issues and restore digital continuity We are developing guidance incrementally, in consultation with central government departments, and to reflect learning from the digital continuity risk assessments that we are carrying out. This guidance is intentionally high level it s only phase one. Its aim is to help you to understand what actions you may need to take in order to manage digital continuity. It does not tell you how to take those actions. This will be covered by the second and third phases of our guidance, which will be made available on our website in draft form as we produce them: If, after reading this document, you would like to put forward suggestions for the more detailed how to guidance you would like, please let us know. your suggestions to marking your for the attention of the guidance workstream. Page 9 of 56

10 PART 1: UNDERSTANDING DIGITAL CONTINUITY 1. Digital continuity: an introduction This section of the guidance will help you to understand the concept of digital continuity and the high-level principles of how to manage it. Information is a valuable asset that must be safeguarded. In the case of information held by public authorities and businesses.people want to be certain that it is held securely, maintained accurately, available when necessary and used appropriately Sir Richard Mottram, Foreword, National Information Assurance Strategy. Authorities should know what records they hold and where they are, and should ensure that they remain usable for as long as they are required The Lord Chancellor s Code of Practice on the Management of Records Digital continuity in brief Digital continuity is the ability to use digital information for as long as you need to, and in the way that you need to, over time and through change. Ensuring digital continuity enables you to work efficiently and effectively, while safeguarding the information you rely on to operate legally, accountably and transparently. It s an essential part of good information, IT and business change management. The need to ensure digital continuity is now embedded into wider government priorities and agendas. For example, it is included in Section 46 Code of Practice; the National Information Assurance strategy and the Information Assurance Maturity Model and Assessment Framework, and the new Office of Government Commerce (OGC) model agreement for ICT services. For more detail, visit Page 10 of 56

11 1.1.2 Digital continuity in practice You have ensured your digital continuity when your digital information continues to be: Complete: Everything you need to use and understand the information is there including the content and context, such as metadata so, for example, you have still got links to external files or you have maintained important connections between files and metadata. Available: This means you can find what you need and it can be opened with available technology so, for example, your information is stored in formats or systems that are not obsolete, and in the right versions for processing using existing IT applications. Usable: That means that it is fit for purpose and can be used in a way that meets the business needs of the organisation so, for example information is not locked into formats or systems that restrict your ability to use or re-use it, or restrict the tools you can use to process it. Managing digital continuity means ensuring that the IT you have supports the information you have in the way you need to use it not just today, but as technology and business needs change and digital information ages. Page 11 of 56

12 1.1.3 The impact of change on digital continuity Digital information is particularly vulnerable to change. It is reliant on complex systems, formats and media to support it, and the expertise and understanding of the people who manage it. Ensuring digital continuity depends on managing change in a way that ensures you can continue to access your information assets - and managing your information assets and IT in a way that gives you flexibility to reduce the risks arising from change and seize on the opportunities it brings. The changes that pose a risk to digital continuity include those to: technology and the information assets themselves policies and processes that govern how the information is managed the organisational structures that create and use the information and the business drivers that determine how the information needs to be used For example, the software applications used to create most public sector information are constantly changing and evolving if these applications no longer support the information you have previously created then you have a continuity problem. If your business needs change, for example after machinery of government changes, or to respond to new opportunities and challenges, the way you need to use information could change too. You will have continuity issues if your information assets, information management and IT systems do not support the way you now need to use your information, or you lose vital expertise in the formats and systems in which they are managed. Information assets can also be changed by the way you manage them for example if you migrate information into new formats or systems you could change or lose essential metadata or functionality you will have a continuity issue if this leads you to being unable to find or use the file as you need to. Page 12 of 56

13 1.1.4 Ensuring digital continuity Ensuring digital continuity involves making sure that your information assets and your technical environment provide the use you need from your digital information and that this usability is maintained as your organisation and technology changes. Ensuring this drives operational efficiency because it helps to ensure that you are working optimally, and not supporting capability or resource that the business does not need. Digital continuity can only be ensured when your business utility, technical environment and information assets are aligned and continue to be aligned through change. In other words, when: You know what digital information assets you have and the nature of the technical environment that supports them. You understand how you need to use them the utility you need from the information, including what information to keep, who needs to use it and in what way now and in the future. And you then make sure that your technical environment and way you manage your information assets support and provide this utility, keeping this alignment through change thus ensuring that digital continuity is ensured and maintained Aligning your information assets, technical environment and business needs may sound obvious, but they can easily change relative to each other, and slip out of alignment if these changes are not effectively managed - leaving you with information assets you can t use, or technology supporting information in a way that doesn t meet your needs. At best this creates inefficiencies. At worst it can result in the loss of the information you need. This requires ongoing planning and action and collaboration between those responsible for information management, IT, business change and information assurance to manage the operational changes that could put your digital information at risk. The digital continuity service will provide guidance, and a framework of tools and services, to support you in this. Page 13 of 56

14 Information Assets Technical environment unrequired assets unnecessary support complete available usable: digital continuity unrequired capability unsupported assets unused capability unfulfilled utility Utility Diagram 1: ensuring digital continuity This diagram shows where you will need to manage these changes and ensure continuity through continued alignment and how ensuring digital continuity can deliver real efficiency benefits, with opportunities to dispose of the information and IT that you do not really need The benefits of ensuring digital continuity Ensuring Digital Continuity will enable you to realise a number of benefits, including: cashable savings and operational efficiency, for example by identifying and rationalising unrequired information assets and unrequired technical capability. avoiding future costs and risk by minimising the impact of change, reducing the risk of losing data and expensive recovery costs and building flexibility into your digital information environment. effective delivery of primary business outcomes by identifying where greater business value can be released from digital information assets to support effective service delivery and information re-use. Legal compliance and public accountability because the information you need is available and usable as and when you need it Page 14 of 56

15 For more information on the benefits, see our guidance on An Overview of the Benefits of Ensuring Digital Continuity 1. 1 See Page 15 of 56

16 PART 2: WHAT YOU NEED TO DO 2 Managing digital continuity This section of the guidance will help you understand the action you need to take to ensure digital continuity. It describes what high level actions are needed - more detailed guidance on how to take this action will be developed as the project progresses. 2.1 Overview of managing digital continuity This guidance will provide an introduction to managing digital continuity through the following stages: Stage 1 Understand digital continuity and recognise the need for action Stage 2 Identify what information assets you have, their technical environment and how want to use them Stage 3 Assess and manage risks to maintaining digital continuity Stage 4 Manage digital continuity over time and through organisational and technological change Diagram 2: Overview of managing digital continuity Page 16 of 56

17 2.2 Stage 1: Understand digital continuity and recognise the need for action This section of the guidance is to help you get started and ensure that digital continuity is widely understood across the organisation. It explains the importance of a collaborative and coherent approach between the relevant parts of the business. Build a business case for further action Ensure your SIRO is aware of digital continuity Assign an SRO for managing digital continuity Include managing digital continuity as driver in relevant strategies Stage 1 Understand digital continuity and recognise the need for action Ensure IT KIM and IA managers understand digital continuity and responsibilities Engage IT providers on issues and responsibilities Establish a multidisciplinary team to take action Diagram 4: Understand digital continuity and recognise the need for action Page 17 of 56

18 2.2.1 Why you need a whole organisation approach to ensuring digital continuity To ensure that digital continuity is managed effectively and comprehensively, and the associated benefits and efficiencies are realised, it needs to be addressed collaboratively at the right levels across the organisation. This means that it needs to be understood and owned by several disciplines, including Information Technology (IT), Information Assurance (IA), Enterprise Architecture (EA), and Knowledge and Information Management (KIM) professionals. This can only happen if senior managers have sufficient understanding of the benefits and risks to champion appropriate governance and action at the right levels in the organisation and across appropriate business units. It is also essential that senior managers understand how ensuring digital continuity can help support strategic priorities around business delivery and creating efficiencies, and that managing digital continuity is a core part of managing information risk. They will need to assess where existing work practices, policies and systems need to be amended to ensure that you are operating in a way that can deliver digital continuity and provide the resources you need to embed this as part of business as usual operation and change management. A Senior Responsible Owner with responsibility for championing digital continuity across professional groups and building a team to deliver digital continuity is crucial to ensure that this issue is understood across the organisation, managed effectively and eventually embedded by your operational teams Actions to take You can undertake these actions now, to kick start your organisation s approach to digital continuity management. 1. Ensure your Senior Information Risk Owner (SIRO) is aware of digital continuity and understands that ensuring it is managed forms part of their responsibility, as a key part of managing information risks. The SIRO needs to ensure a Senior Responsible Owner is appointed to take forward action on digital continuity. Page 18 of 56

19 2. Assign a Senior Responsible Owner (SRO) who is responsible for overseeing digital continuity management in your organisation, ensuring that the right systems and structures are in place, that risks are managed and that the business requirement for digital continuity is expressed in any relevant strategies and plans. The SRO will drive forward action on digital continuity and establish a multi-disciplinary team to deliver digital continuity and identify risks. They should have a clear route for elevating issues to board level as necessary. 3. Ensure that relevant managers across the Information Management (KIM), Information Technology (IT), Enterprise Architecture (EA), Information Assurance (IA) and business change functions understand digital continuity and their roles in exploring the issues. This could be via specific training programmes, presentations on the subject or distribution of fact sheets and other guidance about digital continuity (which is available from 4. Organise a meeting of relevant KIM, IT, EA, IA and business change, such as programme and project management functions, so that they can start to develop a shared understanding of the business utility your organisation needs from its digital information, and how their decision-making and planning need to align to deliver this over time and through change. 5. Agree with the SRO a core project group to take forward work to ensure and embed digital continuity (including meeting the requirements of the Information Assurance Maturity Model) 2 that includes representation from the relevant functions and is appropriately resourced. 6. Engage with your IT providers so that they understand digital continuity and that they may have a role in maintaining the usability of your digital information. 7. Include maintaining digital continuity as a key business requirement and driver in your organisation s strategic vision for KIM, IT and IA and incorporate into relevant policies, projects and business planning. 2 See assessment framework_v2.pdf Page 19 of 56

20 8. Build the business case you need to secure the resource to undertake a digital continuity risk assessment and embed digital continuity in the organisation. This should set out the compelling business reasons why your organisation needs information to remain usable over time. For more help with the benefits and drivers behind digital continuity, see An Overview of the Benefits of Ensuring Digital Continuity. Page 20 of 56

21 2.3 Stage 2: Identify your information assets, IT environment and information utility This section of the guidance explains how understanding what information assets you have, the business value and technical profile of those assets, and the nature of the technical environment that supports them enables digital continuity. The actions in this section will support you in using your information asset register (IAR) to manage digital continuity. Diagram 5: Identify your information assets, IT environment and information utility Why you need to understand your information assets, IT environment and information utility Digital continuity can only be ensured when your information utility needs, technical environment and information assets are aligned (see diagram 1). Page 21 of 56

22 To do this, you must first understand what information assets you have, from the perspective of information content and business use rather than systems or media. Understanding and describing your information as assets will help you to ensure that your organisation recognises the value of information and the need to manage and protect its investment in creating it. This will have the added benefit that it will start to drive the culture change you need to become an organisation that values its information, rather than seeing it as a liability. You need to understand what digital information you need to keep, who needs to use it, and how you need to use it, defining the utility you need from it now and over time. Once you understand this utility requirement, you can ensure that your technical environment and the way you manage your information assets, support and provide this utility, and do so in the most efficient way. This will allow you to understand the potential impact of change on the continuity of your digital assets, and to make informed decisions about where to prioritise investment in ensuring the continued usability of your information. This is the route to ensuring digital continuity. It should also highlight where savings can be made by not maintaining information or technical support unnecessarily By business utility of information we mean: a) the digital functionality that you need from your information asset in order for your business to benefit from using it for example, the ability to find it, open it, read it, copy it, edit it, move it, print it off. This functionality is delivered by the technical environment in which the information assets sit. b) the inherent value that can be derived from the information asset as a result of being able to rely on its provenance, and as a result of being able to understand its full meaning and significance from the context it has. This is delivered both by the technical environment and by the implementation of information management business rules that specify audit trails and metadata standards for example. c) the actual or potential relevance and usefulness of the information asset over time, given a) and b), to business or public use, reuse or analysis, legal retention or discovery, to public accountability or to the historic record. Page 22 of 56

23 To build this understanding of your utility, you will need to answer the following questions: What types of information do we create and manage? Who creates which types of information and who is responsible for them, now and over time? How is that responsibility defined? How does the organisation need to use its information, now and in the future? What is its utility both to your organisation and to third parties? Which types of information need to be kept and for how long? Where is each type of information stored and in what format or system? Do we need the functionality these provide? What does our information cost to maintain through its lifecycle to disposal, including creating, using or recreating? Understanding the relationships between your information assets, utility requirements, and technical environment In order to manage the alignment of your information assets, utility requirements and technical environment, you need the capability to map the relationships between the three. You need to be able to relate all relevant elements to each other, in order to understand the impact of change in any one area and identify the most efficient way of ensuring that you get the utility you require from the information you need. We suggest that you exploit your Information Asset Register (IAR) as the primary mechanism for documenting what you know about your information assets, utility requirements and technical environment, and for understanding the relationships between them. The term Information Asset Register has been used to describe both a register of information systems and a register of public sector information available for re-use. A broader Information Asset Register for your organisation, encompassing both of these and more, can play a major role in helping you to address digital continuity. Page 23 of 56

24 In most organisations the IAR has been set up as an Information Assurance tool, championed by the Senior Information Risk Owner (SIRO) and with a focus on information security. However Information Assurance is also concerned with availability and integrity, not just security, and availability and integrity are key outcomes of digital continuity. There should therefore be good synergy between your digital continuity and information assurance objectives, allowing you to develop the IAR for the purposes of digital continuity. An all-encompassing IAR is a conceptual entity rather than a physical entity. In practice, your Information Asset Register is likely to consist of a number of separate registers, documenting particular aspects of your digital information and its environment. It might build on existing Information Asset Registers or use a configuration management system to link the various elements as long as you can understand what information assets you have, what the utility requirements and technical dependencies those assets have, and identify the information assets dependent on each component of your technical environment. In developing your IAR to support the management of digital continuity, you will probably want to take an incremental approach, prioritising information most important to the business. The level of detail you provide depends on your needs, so you may want to start with a highlevel overview, and take a phased approach to developing the underlying detail. At a minimum, you need to identify what information assets you have and who their owners are. Ownership and accountability are key success factors. For every information asset, or sub component of the IAR, there will be an information asset owner. You need to engage this group and explain their digital continuity roles and responsibilities. In many government organisations, the information assets described on the IAR will be managed and/or hosted by a commercial supplier. It is important they understand the digital continuity aspects of the information assets they manage, as a prelude to any action you might want to agree with them on digital continuity going forward. You may also oblige your IT provider to maintain your IAR, and provisions requiring this are included in the new OGC Model Contract for IT Services (you can find guidance on this at: Diagram 6 illustrates our suggested components of an Information Asset Register, and the way in which they map to the alignment needed for digital continuity. Page 24 of 56

25 INFORMATION ASSET LIST Describes information assets, including: Information asset name and description Current format and/or schema Current location Information Asset Owner TECHNICAL ENVIRONMENT REGISTER Describes the current technical environment, including: File Formats Desktop Applications Operating Systems Enterprise Applications Databases File Storage Information Assets Technical Environment unrequired assets unsupported assets unnecessary support complete available usable = digital continuity unused capability unrequired capability unfulfilled utility Utility STATEMENT OF UTILITY REQUIREMENTS: Defines the business utility required from information assets, now and over time - who needs to be able to do what, with which information assets, when, and why? Includes: Information asset business value over time Retention/disposal requirement Required utility over time Diagram 6: A conceptual model of what your Information Asset Register should tell you about your information assets, technical environment and utility requirements Page 25 of 56

26 2.3.3 Actions to take 1. Secure agreement from your SIRO to use your Information Asset Register (IAR) to support digital continuity, developing it to allow you to understand your information assets, their utility and desired usability and their technical environment 2. Identify your information assets o Identify what information assets you have not in terms of the IT system that holds it, but categorise your information from the perspective of its content and business use. o Be sure to address all forms of information generated by your organisation, including that which exists primarily on web platforms 3. Understand your technical environment 3.1 Develop and maintain an understanding of your technical environment. This could be using a specific Technical Environment Register. (The Digital Continuity Project has developed a Technical Environment Register spreadsheet to support risk assessment that may also provide a useful starting point for this). But you could also use outputs from enterprise architecture tools, a configuration management system or other technology management tools you already have in place. These need to allow you to understand: the software applications you use (both desktop and enterprise applications) the platforms and infrastructure on which this software is running planned changes to the technical environment and its expected end of life 3.2 Profile the file formats you are using and creating to understand which are at risk of obsolescence and how soon. You will need to understand: the volume of data you hold its location, its age and technical characteristics of each information asset eg its format, metadata schema Page 26 of 56

27 The Digital Continuity Project is developing its file characterisation tool (DROID) to assist you by identifying file formats and versions. The existing version of DROID is at and a new version should be available by the summer of Ensure you have processes in place and have defined ownership responsibilities to keep information about your technical environment, for example your Technical Environment Register, updated and reviewed regularly for completeness. 4. Define your information utility o Determine how information flows through your organisation and what information is needed to support your business operations, and when, and by whom. Consider the impact of losing the information, or its essential characteristics. This will tell you what information is of business value (both to your organisation and to third parties) and which is not. o Identify what information you will continue to need, how you will need to use it, and for how long. This will ensure you are capturing and keeping the right information and can define its utility and can implement appropriate what to keep retention schedules. o Define the utility you require of your information assets, including what characteristics the information will need to retain in order to meet your business requirements (content, context, functionality etc). 5. Compile a comprehensive mechanism for mapping your information assets, utility requirements and technical environment. You may be able to exploit and develop your IAR to do this. This does not have to be a single document - you can hold this information in multiple places, but you need to ensure you can crossreference various sources of information in the way you need to. o Document the information asset content and context, where the information is located, its current format and structure, and relate this to the technical environment that supports it. Page 27 of 56

28 o o o Ensure that your information asset register allows you to link what you know about the business value and utility requirements of your information asset with what you know about its technical characteristics, to inform decisions about how to manage the continuity of your digital information assets through change. Ensure that you can also understand what information assets are dependent on each component of your technical environment, so that you can see which information assets may be affected by changes to your technology. Establish a process for updating the IAR, with regular review periods to assess completeness and assigned responsibilities for maintaining it. 6. Ensure accountability and ownership through existing information governance structures o Appoint an Information Asset Owner (IAO) for each information asset o Ensure that your utility requirements are agreed and understood by the IAO, who is responsible for championing the requirements and ensuring that they are updated as appropriate. o Ensure that ownership and responsibility for maintaining the IAR itself is clear 7. Use your IAR when contracting with new IT service providers o The Office of Government Commerce (OGC) model agreement for IT services now includes reference to an information asset register as one of registers to be maintained as part of the service configuration management. The IAR needs to be created by the contracting Authority. It is then maintained by the Contractor, who has to assess the impact of any changes on the usability requirements defined for the information assets. 8. Identify misalignments these are risks to digital continuity o Use the work to understand how your information assets, technology environment and utility requirements align to identify information assets that you need to use, but which are currently unsupported by the right technology and so don t meet your business utility requirements this is an area of risk to your digital continuity. 9. Take the opportunity to identify and plan the realisation of savings and efficiencies through providing the right level of continuity for the right information. Page 28 of 56

29 o o o o o Use the work to understand how your information assets, technology environment and utility requirement align to identify unrequired information assets, unrequired technology capability and unnecessary support. Dispose of any information assets that you no longer need Dispose of any technology capability that you no longer need Identify opportunities to downgrade the technology you use to access information or migrate information to different formats, so that your technology mirrors your needs, saving money on expensive systems, unnecessary functionality or high availability. Move the information assets to cheaper, more efficient and effective storage, de-duplicating assets. Page 29 of 56

30 2.4 Stage 3: Assess and manage risks to digital continuity This section of the guidance sets out approaches to help you ensure that you are managing the risk of losing digital continuity. The actions in this section will support you in establishing appropriate governance and risk management structures, assigning responsibility for the management of risk to digital continuity, and assessing your current level of risk. Create a framework for managing risk Embed ongoing digital continuity risk assessment Stage 3 Assess and manage risks to maintaining digital continuity Undertake a risk assessment Create and implement a prioritised digital continuity action plan Diagram 7: Assess and manage risks to digital continuity Why you need to manage risks to digital continuity Risk to digital continuity is an information risk. It should be managed in line with your general information risk management procedures and (for government departments) the CESG Information Assurance Maturity Model 3, and be included in your annual Statement on Control. 3 Page 30 of 56

31 Risks to digital continuity should be recognised at an organisational level, and at a more granular level in the areas of information management, IT management, information assurance and business change. If you do not have appropriate risk management and information governance processes in place, you cannot know whether you are identifying and managing your risk to digital continuity effectively. Undertaking a comprehensive digital continuity risk assessment for your organisation will enable you to quantify the risk you face, identify key areas of concern, and prioritise actions to mitigate your risks. Larger organisations may wish to take a phased approach to risk assessment, tackling priority areas first. Embedding ongoing digital continuity risk management will ensure that you continue to identify and manage your risk to digital continuity Actions to take 1. Ensure that there is a clear framework of roles and responsibilities for identifying and managing risk to digital continuity within your organisation: o Ensure the SIRO recognises risks to digital continuity as an information risk to be managed through the established governance structures. o Ensure your organisational risk appetite is informed by a good understanding of the business value of your information and the consequences of losing it. o Ensure that the assigned Senior Responsible Owner for digital continuity understands the need to manage risks to digital continuity o Identify the specific responsibilities of the KIM, IT and IA teams for managing risks to digital continuity. o Ensure each of your information assets has an Information Asset Owner with responsibility for managing risks to their information asset. Page 31 of 56

32 2. Undertake a comprehensive digital continuity risk assessment for your organisation o Direct the multi-disciplinary digital continuity project team to carry out an initial risk assessment and action planning exercise. This team needs to identify your risks to digital continuity, develop and implement mitigation strategies, and initiate appropriate action. o Organise and undertake an assessment of risks to digital continuity and ensure outputs are reflected in information risk registers 3. Prioritise action you need to take to ensure digital continuity o Identify and prioritise key risks to digital continuity and any existing issues arising from the assessment o Develop an action plan to address these risks to be taken forward by your digital continuity project team, with timescales and resources as appropriate o Monitor the progress of actions to manage risks to digital continuity to ensure they are appropriately implemented and that mitigations have been effective 4. Establish and embed ongoing digital continuity risk assessment and incident management o Incorporate digital continuity into your Information Risk Policy and risk management processes o Maintain a schedule of risks and mitigations for each individual information asset o Develop procedures to periodically test that the accessibility and usability of information assets meets your stated business requirement, testing whether or not you have maintained digital continuity, the effectiveness of mitigations, and whether it faces new risk o Establish a process for the systematic and regular review of risks to the digital continuity of your information assets as part of their lifecycle management o Identify and document any risks to digital continuity that are within your risk appetite and therefore have no planned mitigation o Identify any risks where mitigation or management is dependent on third parties or external suppliers and establish a mechanism for monitoring their progress and compliance o Agree the timing and process for reviewing and repeating your comprehensive digital continuity risk assessment Page 32 of 56

33 o Manage digital continuity incidents and problems through your information assurance incident and problem management procedures, and include them in your incident reporting and metrics Page 33 of 56

34 2.5 Stage 4: Manage digital continuity through organisational and technological change This section explains the importance of managing change in a way that maintains your digital continuity, whether this is minor local change or major organisational change, and outlines how you can manage change to deliver digital continuity. Resolve issues and restore digital continuity Take action to mitigate risks to digital continuity Assess imapact of organisational or business change on digital continuity Stage 4 Manage digital continuity over time and through organisational and technological change Assess impact of asset, IM or IT change on digital continuity Reflect digital continuity in business plans and architecture Embed digital continuity in management of your assets Standardise your technical environment Diagram 8: Manage digital continuity through organisational and technological change Why managing change is key to digital continuity Change is the main context in which digital continuity problems arise. This might be major organisational of machinery of government change, or a series of minor local changes to priorities, IT systems, or ways of working. It might affect the alignment of information assets, technical environment and utility (see diagram 1), or the organisational structures and responsibilities that support the management of risks to digital continuity. Page 34 of 56

35 Anyone who is managing change at any level should consider the impact on digital continuity. KIM and IT teams need to take particular responsibility for safeguarding your organisation s information assets through organisational and technological change by incorporating digital continuity into their change management processes. The ability to access and use information when and how you need to is important to the functioning of your organisation, and digital continuity should therefore be regarded as an aspect of business continuity. Significant change offers the opportunity to identify better ways of doing things. If digital continuity is considered properly in the planning stages, you could realise savings and efficiencies through providing the right level of continuity for the right information. This will enhance your ability to use and re-use your information, and avoid the need to take expensive mitigating actions in future Actions to manage changes that could impact on digital continuity 1. Consider digital continuity when planning and managing business change, including Machinery of Government changes and changing business requirements: o Ensure business change policies and processes identify the information risks that arise in the event of organisational changes and changes to business requirements o Add risk to digital continuity to your change management and project and programme risk registers as appropriate o Include a digital continuity impact assessment in the planning and implementation of business change projects. This must consider whether the business change impacts on the utility you need from the information (how and when information is to be used and by whom), how the information assets are managed and the technical environment that supports them. o Ensure that any new business requirement for using information now or in the future is identified and reflected in the way you manage your information assets and IT. o Ensure that any new information assets received as the result of machinery of government change are incorporated into your digital continuity risk management processes and Information Asset Register. Page 35 of 56

Mapping the Technical Dependencies of Information Assets

Mapping the Technical Dependencies of Information Assets Mapping the Technical Dependencies of Information Assets This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital

More information

ITIL Managing Digital Information Assets

ITIL Managing Digital Information Assets ITIL Managing Digital Information Assets Shirley Lacy, ConnectSphere Frieda Midgley, Digital Continuity Project Judith Riley, Digital Continuity Project Nigel Williamson, Digital Continuity Project White

More information

Embedding Digital Continuity in Information Management

Embedding Digital Continuity in Information Management Embedding Digital Continuity in Information Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital

More information

Identifying Information Assets and Business Requirements

Identifying Information Assets and Business Requirements Identifying Information Assets and Business Requirements This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital

More information

Risk Assessment Handbook

Risk Assessment Handbook Risk Assessment Handbook This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital continuity Stage 4: Maintain

More information

Change Management for Digital Continuity SROs

Change Management for Digital Continuity SROs Change Management for Digital Continuity SROs This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and address risks to digital continuity

More information

Information Management Advice 39 Developing an Information Asset Register

Information Management Advice 39 Developing an Information Asset Register Information Management Advice 39 Developing an Information Asset Register Introduction The amount of information agencies create is continually increasing, and whether your agency is large or small, if

More information

The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS

The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS PRIORITY RECOMMENDATIONS R1 BIS to elevate the profile of information risk in support of KIM strategy aims for the protection, management and exploitation of information. This would be supported by: Establishing

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Digital Continuity to Support Forensic Readiness

Digital Continuity to Support Forensic Readiness Digital Continuity to Support Forensic Readiness This guidance is produced by the Digital Continuity Project and is available from www.nationalarchives.gov.uk/dc-guidance Crown copyright 2011 You may re-use

More information

Digital Continuity for Change Managers

Digital Continuity for Change Managers Digital Continuity for Change Managers This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and address risks to digital continuity Stage

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

Digital Continuity in ICT Services Procurement and Contract Management

Digital Continuity in ICT Services Procurement and Contract Management Digital Continuity in ICT Services Procurement and Contract Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage

More information

Information Management Strategy. July 2012

Information Management Strategy. July 2012 Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned Document management concerns the whole board Implementing document management - recommended practices and lessons learned Contents Introduction 03 Introducing a document management solution 04 where one

More information

Desktop Virtualisation

Desktop Virtualisation Shaping the future of end user services Desktop Virtualisation Seize opportunities before others see them Remember the not-too-distant past?» Traditional thin client systems struggled to gain wide acceptance,

More information

Information Services Strategy 2011-2013

Information Services Strategy 2011-2013 Information Services Strategy Issue 1 1 Introduction The States of Jersey public sector is facing significant pressure for efficiencies and savings. This has created the context to take a fresh look at

More information

Digital Continuity Plan

Digital Continuity Plan Digital Continuity Plan Ensuring that your business information remains accessible and usable for as long as it is needed Accessible and usable information Digital continuity Digital continuity is an approach

More information

Information Governance Strategy 2015-2018

Information Governance Strategy 2015-2018 Introduction Information Governance Strategy 2015-2018 This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework

More information

NOT PROTECTIVELY MARKED. A087 Version 1.0

NOT PROTECTIVELY MARKED. A087 Version 1.0 POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Vulnerability & Patch Management POLICY REFERENCE NUMBER A087 Version 1.0 POLICY OWNERSHIP DIRECTORATE

More information

Department of Energy and Climate Change (DECC) Information Management Assessment Programme Action Plan

Department of Energy and Climate Change (DECC) Information Management Assessment Programme Action Plan Department of Energy and Climate Change (DECC) Information Management Assessment Programme Action Plan # Recommendation Actions Priority High/ Low/ Medium R1 DECC must ensure that where key services are

More information

The Asset Management Landscape

The Asset Management Landscape The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces

More information

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 1 Version 1.0 CONTENTS Security Risks 3 Information Assurance Risk 3 Spreading Best Practice 3 Reporting Risks Upwards 4 Typical Risk Escalation

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) 1st February 2006 Version 1.0 1 P3M3 Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value

More information

The Scottish Wide Area Network Programme

The Scottish Wide Area Network Programme The Scottish Wide Area Network Release: Issued Version: 1.0 Date: 16/03/2015 Author: Andy Williamson Manager Owner: Anne Moises SRO Client: Board Version: Issued 1.0 Page 1 of 8 16/04/2015 Document Location

More information

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4. PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN Records Management Policy Version 4.0 Page 1 of 11 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: File Location: Approval

More information

Scope The data management framework must support industry best practice processes and provide as a minimum the following functional capability:

Scope The data management framework must support industry best practice processes and provide as a minimum the following functional capability: Data Management Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for data management across Redland City Council (RCC). This document will provide direction and

More information

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...

More information

TEC Capital Asset Management Standard January 2011

TEC Capital Asset Management Standard January 2011 TEC Capital Asset Management Standard January 2011 TEC Capital Asset Management Standard Tertiary Education Commission January 2011 0 Table of contents Introduction 2 Capital Asset Management 3 Defining

More information

DEPARTMENT OF INNOVATION, INDUSTRY, SCIENCE AND RESEARCH ARCHITECTURE PRINCIPLES. Version: 2.2 Status: ICTSC endorsed

DEPARTMENT OF INNOVATION, INDUSTRY, SCIENCE AND RESEARCH ARCHITECTURE PRINCIPLES. Version: 2.2 Status: ICTSC endorsed DEPARTMENT OF INNOVATION, INDUSTRY, SCIENCE AND RESEARCH ARCHITECTURE PRINCIPLES Version: 2.2 Status: ICTSC endorsed Page 1 of 17 Table of Contents What are Architecture Principles?...3 Further Information...

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Capabilities, Sample Use Cases, Case Studies

Capabilities, Sample Use Cases, Case Studies Capabilities, Sample Use Cases, Case Studies Core capabilities of Diaku Axon Visibility & Understanding Analysis & Alignment Control Measurability Collaborate on a shared understanding of the organisation

More information

Central Sponsor for Information Assurance. A National Information Assurance Strategy

Central Sponsor for Information Assurance. A National Information Assurance Strategy Central Sponsor for Information Assurance A National Information Assurance Strategy A NATIONAL INFORMATION ASSURANCE STRATEGY i Foreword Information and communications technology is changing the way that

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

Procurement Strategy. June Procurement Strategy

Procurement Strategy. June Procurement Strategy June 2015 Procurement Strategy Contents 1. VISION 2. PURPOSE 3. PROCUREMENT OBJECTIVES 4. PROCUREMENT AIMS 5. PROCUREMENT MEASURES 6. KEY PERFORMANCE INDICATORS 7. REVIEW Page 2 of 10 1 VISION Proactive

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

DSDM Case Study. An Agile Approach to Software Systems Development for the Highways Agency

DSDM Case Study. An Agile Approach to Software Systems Development for the Highways Agency DSDM Case Study An Agile Approach to Software Systems Development for the Highways Agency Government agencies are constantly striving to develop software systems that support business objectives, deliver

More information

Corporate Procurement Strategy 2014-2017

Corporate Procurement Strategy 2014-2017 Strategy 2014-2017 Strategy 2014-2017 Introduction The Brighton & Hove community is distinctive for its strong international flavour and vibrant diversity of cultures. The make-up of the local population,

More information

Managing ICT contracts in central government. An update

Managing ICT contracts in central government. An update Managing ICT contracts in central government An update Prepared by Audit Scotland June 2015 Auditor General for Scotland The Auditor General s role is to: appoint auditors to Scotland s central government

More information

Human Resources and Organisational Development. Job No. (Office Use)

Human Resources and Organisational Development. Job No. (Office Use) ROLE PROFILE Human Resources and Organisational Development Role Profile Job Title Head of Business and Technical Architecture Job No. (Office Use) F27 Grade (Office Use) Directorate Transformation and

More information

Risk Management. National Occupational Standards February 2014

Risk Management. National Occupational Standards February 2014 Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills

More information

Cambridge University Library. Working together: a strategic framework 2010 2013

Cambridge University Library. Working together: a strategic framework 2010 2013 1 Cambridge University Library Working together: a strategic framework 2010 2013 2 W o r k i n g to g e t h e r : a s t r at e g i c f r a m e w o r k 2010 2013 Vision Cambridge University Library will

More information

Review of Risk Management and Insurance. Public Accounts Committee

Review of Risk Management and Insurance. Public Accounts Committee Review of Risk Management and Insurance Public Accounts Committee April 2012 Contents Executive Summary 1 Maturity Model 6 Understanding the Causes and the Way Forward 7 Risk Management Recommendations

More information

The Cadence Partnership Service Definition

The Cadence Partnership Service Definition The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues

More information

4.10 Information Management Policy

4.10 Information Management Policy Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information

Royal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information Royal Borough of Kensington and Chelsea Data Quality Framework ACE: A Framework for better quality data and performance information March 2010 CONTENTS FOREWORD 2 A CORPORATE FRAMEWORK FOR DATA QUALITY

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Open Source, Open Standards and Re Use: Government Action Plan

Open Source, Open Standards and Re Use: Government Action Plan Open Source, Open Standards and Re Use: Government Action Plan Foreword When Sir Tim Berners Lee invented the World Wide Web in 1989, he fought to keep it free for everyone. Since then, not everyone in

More information

Project, Programme and Portfolio Management Delivery Plan 6

Project, Programme and Portfolio Management Delivery Plan 6 Report title Agenda item Project, Programme and Portfolio Management Delivery Plan 6 Meeting Performance Management and Community Safety Panel 27 April 2009 Date Report by Document number Head of Strategy

More information

House of Commons Corporate Governance Framework

House of Commons Corporate Governance Framework House of Commons Corporate Governance Framework What is Corporate Governance? 1. Good corporate governance is fundamental to any effective organisation and is the hallmark of any well-managed corporate

More information

Information Management: A common approach

Information Management: A common approach Information Management: A common approach July 2013 Document Control Document history Date Version No. Description Author July 2013 1.0 Final Department of Finance and Services October 2013 1.1 Updated

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Asset Management Policy March 2014

Asset Management Policy March 2014 Asset Management Policy March 2014 In February 2011, we published our current Asset Management Policy. This is the first update incorporating further developments in our thinking on capacity planning and

More information

Chief Information Security Officer

Chief Information Security Officer Principles Vision Purpose Statement Chief Information Security Officer healthalliance Purpose, Vision and Principles healthalliance provides shared services to benefit NZ health organisations. We will

More information

Using Enterprise Content Management Principles to Manage Research Assets. Kelly Mannix, Manager Deloitte Consulting Perth, WA.

Using Enterprise Content Management Principles to Manage Research Assets. Kelly Mannix, Manager Deloitte Consulting Perth, WA. Using Enterprise Content Management Principles to Manage Research Assets Kelly Mannix, Manager Deloitte Consulting Perth, WA November 2010 Agenda Introduction Defining ECM Understanding the Challenges

More information

Network Rail Infrastructure Projects Joint Relationship Management Plan

Network Rail Infrastructure Projects Joint Relationship Management Plan Network Rail Infrastructure Projects Joint Relationship Management Plan Project Title Project Number [ ] [ ] Revision: Date: Description: Author [ ] Approved on behalf of Network Rail Approved on behalf

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Review of Information Technology Expenditure Summary 16 November 2011. Dr John Hogan. Registrar

Review of Information Technology Expenditure Summary 16 November 2011. Dr John Hogan. Registrar Review of Information Technology Expenditure Summary 16 November 2011 Dr John Hogan Registrar Recap on scope The objective of the review was to recommend ways to improve the University s value for money

More information

Customer requirements. Asset management planning Inspection and assessment Route asset planning Annual work plans Contracting strategy

Customer requirements. Asset management planning Inspection and assessment Route asset planning Annual work plans Contracting strategy Section 8 Output monitoring Inputs Customer requirements Safety standards Outputs and funding SRA and Government Policy Network stewardship strategy Asset and operational policies Maintenance & renewal

More information

Essex County Council. Architecture Excellence

Essex County Council. Architecture Excellence Essex County Council Architecture Excellence the customer overview Customer Essex County Council Website www.essex.gov.uk Number of employees Approx 9000 Country or region Essex, United Kingdom Industry

More information

Records management in SharePoint 2010

Records management in SharePoint 2010 Records management in SharePoint 2010 Implications and issues Crown copyright 2011 You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of the Open

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information

THE BRITISH LIBRARY. Unlocking The Value. The British Library s Collection Metadata Strategy 2015-2018. Page 1 of 8

THE BRITISH LIBRARY. Unlocking The Value. The British Library s Collection Metadata Strategy 2015-2018. Page 1 of 8 THE BRITISH LIBRARY Unlocking The Value The British Library s Collection Metadata Strategy 2015-2018 Page 1 of 8 Summary Our vision is that by 2020 the Library s collection metadata assets will be comprehensive,

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Information, Communications and Technology Strategy. Purpose 2. Strategic Aims 2. Introduction 2. ICT Vision for 2015-2020 3. Key themes and aims: 4

Information, Communications and Technology Strategy. Purpose 2. Strategic Aims 2. Introduction 2. ICT Vision for 2015-2020 3. Key themes and aims: 4 Brigade Order Operations Brigade Order Administration 16 Part Part 1 Section Title Information, Communications and Technology Strategy Contents No. Purpose 2 Strategic Aims 2 Introduction 2 ICT Vision

More information

Joint ICT Service ICT Strategy 2014-17

Joint ICT Service ICT Strategy 2014-17 Document History Document Location This document is only valid on the day it was printed. The source of the document will be found in (see footer) Revision History Date of this revision: 19 th May 2014

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

The Gateway Review Process

The Gateway Review Process The Gateway Review Process The Gateway Review Process examines programs and projects at key decision points. It aims to provide timely advice to the Senior Responsible Owner (SRO) as the person responsible

More information

ITC 19 th November 2015 Creation of Enterprise Architecture Practice

ITC 19 th November 2015 Creation of Enterprise Architecture Practice ITC 19.11.15 ITC 19 th November 2015 Creation of Enterprise Architecture Practice C Description of paper 1. As part of a wider strategy of Digital Transformation of the University s core services, ISG

More information

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs 1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain

More information

OPEN INTERNATIONAL MARKETS INCREASE MARKET CONFIDENCE CREATE COMPETITIVE ADVANTAGE A PLATFORM FOR INNOVATION

OPEN INTERNATIONAL MARKETS INCREASE MARKET CONFIDENCE CREATE COMPETITIVE ADVANTAGE A PLATFORM FOR INNOVATION National Standardization Strategic Framework OPEN INTERNATIONAL MARKETS INCREASE MARKET CONFIDENCE A PLATFORM FOR INNOVATION CREATE COMPETITIVE ADVANTAGE Foreword Standards influence everything we do.

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Access Governance. Delivering value. What you gain. Putting a project back on track for success

Access Governance. Delivering value. What you gain. Putting a project back on track for success What you gain Risk-managed access Having a second line of defence to identify what needs to be controlled and who owns it lowers your operational costs, while taking a risk-based approach ensures greater

More information

VISION FOR LEARNING AND DEVELOPMENT

VISION FOR LEARNING AND DEVELOPMENT VISION FOR LEARNING AND DEVELOPMENT As a Council we will strive for excellence in our approach to developing our employees. We will: Value our employees and their impact on Cardiff Council s ability to

More information

Implementing an Electronic Document and Records Management System. Key Considerations

Implementing an Electronic Document and Records Management System. Key Considerations Implementing an Electronic Document and Records Management System Key Considerations Commonwealth of Australia 2011 This work is copyright. Apart from any use as permitted under the Copyright Act 1968,

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Technology management in warship acquisition

Technology management in warship acquisition management in warship acquisition A J Shanks B.Eng(Hons) MIET BMT Defence Services Limited SYNOPSIS Today s warship designers and engineers look to technology to provide warships and systems better, cheaper

More information

POSITION DESCRIPTION. Role Purpose. Key Challenges. Key Result Areas

POSITION DESCRIPTION. Role Purpose. Key Challenges. Key Result Areas POSITION DESCRIPTION Position Title Manager, Technical Services Support Position Number Reports to Manager Technology Services Functional Auth HRM Auth Region IT Services Centre Head Office Date Feb 2011

More information

NSW Government ICT Benefits Realisation and Project Management Guidance

NSW Government ICT Benefits Realisation and Project Management Guidance NSW Government ICT Benefits Realisation and Project Management Guidance November 2014 CONTENTS 1. Introduction 1 2. Document purpose 1 3. Benefits realisation 1 4. Project management 4 5. Document control

More information

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)? WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)? Due to the often complex and risky nature of projects, many organizations experience pressure for consistency in strategy, communication,

More information

Enterprise Architecture (EA) Principles

Enterprise Architecture (EA) Principles FINAL January 2016 Enterprise Architecture (EA) Principles Introduction The Enterprise Architecture principles express how Highways England needs to design and deploy information systems across the organisation.

More information

Risk Management. Policy, Strategy and Methodology

Risk Management. Policy, Strategy and Methodology Risk Management Policy, Strategy and Methodology Contents Page Number Foreword by Paul Orders, Chief Executive... 2 Foreword by Councillor Graham Hinchey, Cabinet Member for Corporate Services and Performance...

More information

Using PRINCE2 and MSP Together

Using PRINCE2 and MSP Together Using PRINCE2 and MSP Together Andy Murray, Director, Outperform White Paper October 2010 2 Using PRINCE2 and MSP Together Contents 1 Purpose of this White Paper 3 2 Project and programme management context

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101

WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101 WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101 Prepared by: Phillip Bailey, Service Management Consultant Steve Ingall, Head of Service Management Consultancy 60 Lombard Street London EC3V 9EA

More information

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION

PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION PROGRAMME OVERVIEW: G-CLOUD APPLICATIONS STORE FOR GOVERNMENT DATA CENTRE CONSOLIDATION 1. Introduction This document has been written for all those interested in the future approach for delivering ICT

More information

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability CLACKMANNANSHIRE COUNCIL THIS PAPER RELATES TO ITEM 05 ON THE AGENDA Report to: Resources and Audit Committee Date of Meeting: 24 September 2015 Subject: External Audit BV Performance Report: Delivering

More information

Service Catalog Management: A CA Service Management Process Map

Service Catalog Management: A CA Service Management Process Map TECHNOLOGY BRIEF: SERVICE CATALOG MANAGEMENT Catalog : A CA Process Map JULY 2009 Enrico Boverino SR PRINCIPAL CONSULTANT, TECHNICAL SALES ITIL SERVICE MANAGER ITAC CERTIFIED Table of Contents Executive

More information

STILL WANT TO KNOW MORE...? Getting the most out of our knowledge and information

STILL WANT TO KNOW MORE...? Getting the most out of our knowledge and information STILL WANT TO KNOW MORE...? Getting the most out of our knowledge and information Contents Foreword...3 Why an information management strategy?...4 I know what information we ve got and where it s stored...8

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce Maturity Model March 2006 Version 1.0 P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value Added product which is outside the scope of the HMSO

More information

Contents. Introduction Page 3. Section 1 Strategic Aim Page 4. Section 2 Professionally Resourced Page 5

Contents. Introduction Page 3. Section 1 Strategic Aim Page 4. Section 2 Professionally Resourced Page 5 Contents Introduction Page 3 Section 1 Strategic Aim Page 4 Section 2 Professionally Resourced Page 5 Section 3 Economic, Social and Environmental Impact Page 6 Section 4 Community Benefits Page 7 Section

More information

Social media governance Harnessing your social media opportunity

Social media governance Harnessing your social media opportunity www.pwc.co.uk/riskassurance Social media governance Harnessing your social media opportunity June 2014 Social media allows organisations to engage with people directly, express their corporate personality

More information

Commissioning and Procurement Strategy

Commissioning and Procurement Strategy Cardiff Council Commissioning and Procurement Strategy 2011-2015 Delivering Quality and Value Proud to Deliver Contents Foreword Part 1 - Introduction 1.1 Purpose of the Strategy 1.2 Why Commissioning

More information