3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

Transcription

1 Enterprise Content Management (ECM) Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for enterprise content management across Redland City Council (RCC). This document will provide the direction needed and form part of the governance framework for enterprise content management; 2. Ensure the business requirements of stakeholders are met throughout the enterprise content management lifecycle including capture, store, manage, deliver and preserve; 3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks; 4. Establish Council s data management principles and align these principles with the Information Management Governance Framework; and 5. Ensure an enterprise wide approach to consistent enterprise content management. Goals Deliver cost effective and quality content capture, storage, delivery, preservation and compliance through legislative, best practice and standards adherence. Benefits 1. Lower Administration Costs; Reduction in maintenance and operational costs by consolidation of isolated information and content silos. Reduction in offsite storage and retrieval costs through implementation of solutions with retention and disposal functionality. 2. Legal Compliance; Increase in the ability to facilitate regulatory compliance and legal discovery. 3. Minimise risk; Ensuring appropriate records management functionality to achieve compliance with legislation and information standards including the classification, retention and disposal of records. 4. Enhanced useability; Collaborating with stakeholders in the planning, development and implementation of ECM processes, procedures and technologies to best meet their business needs. Business process automation and instant access to information to aid actors with better and faster decision making and productivity. Page: 1 of 5

2 Scope The enterprise content management framework must support industry best practice processes and provide as a minimum the following functional capability: 1. Capture - Establish business procedures and processes to ensure information is captured in a standard format. 2. Store - Store information in compliance with relevant legislation and standards. 3. Manage - Establish the capability to manage the life-cycle of information. 4. Deliver - Establish a secure single point of access to all information. 5. Preserve - Preserve information in compliance with relevant legislation and standards. Governance This policy is governed by the Information Management Strategy Document Control 1. Only the Chief Executive Officer (CEO) can approve amendments to this policy; and 2. Approved amended documents must be submitted to the Office of the CEO to place the document on the Policy, Guidelines and Procedures Register. B. Principles 1. One Data Dictionary - RCC has one Dictionary of Data that clearly defines the meaning and etymologies of each Data Concept; 2. Information is an Asset - Information is an asset that has value to RCC and is managed accordingly; 3. Information is Shared - Actors have access to the information necessary to perform their duties; therefore, information is shared and accessible across the RCC; 4. Need to know - Actor access to assets is granted on a need to know basis only; 5. Accountability - All actions within RCC will be traceable to an actor; 6. Single System of Record - There shall be a single application identified as being the owner for each Data Entity. This shall be the only application allowed to update this data; and 7. Risk Based Information Security and Audit - Information shall be secured and auditable based upon the threats and risks associated with loss, damage or exposure of that information in accordance with the agreed security classification of that information by the business. Page: 2 of 5

3 C. Relevant information Context This policy fits within the Council s Information Management Governance Framework. Responsibilities 1. Managers (General/Group/Service) Managers at all levels are responsible for promoting awareness of ECM principles and ensuring that all staff under their supervision with access to information resources understand and comply with these principles; 2. Chief Information Officer (CIO) The CIO is responsible for ensuring the Information Management Group provides and supports an Enterprise Architecture that enables the achievement of the ECM principles and capability; and 3. All Council Staff All staff that have access to information resources have a responsibility for understanding and complying with this policy and the supporting guidelines. Other related documents Information Management Strategy ; POL-1001 Identity Management Policy; POL-1002 Data Management Policy; POL-1004 Application Management Policy; Enterprise Architecture Principles; IM - Service Catalogue; GL Records Management Guideline; GL Digital Signing Guideline GL Guideline; GL Back-Up, Recovery and Archive Guideline; GL Data Quality Management Guideline; GL Metadata Management Guideline; AS/ISO Records Management; Information Standard 31 Retention and Disposal of Public Records; Information Standard 34 Metadata; Information Standard 40 Recordkeeping; QSA General Retention & Disposal Schedule for Administrative Records (QDAN249); and QSA Local Government Sector Retention & Disposal Schedule (QDAN480). Legislation Information Privacy Act 2009 Right to Information Act 2009 Page: 3 of 5

4 Public Sector Ethics Act 1994 Public Service Act 2008 Financial Accountability Act 2009 Financial and Performance Management Standard 2009 Judicial Review Act 1991 Evidence Act 1977 Electronic Transactions (Qld) Act 2001 Public Records Act 2002 Anti-Discrimination Act 1991 Crime and Misconduct Act 2001 Local Government Act 2009 Statutory Bodies Financial Arrangements Act 1982 Whistleblowers Protection Act 1994 Work Health and Safety Act 2011 (Qld) Definitions The following definitions are relevant to this policy: Term Enterprise Content Management (ECM) Unstructured Information and content Enterprise Architecture All Staff Actor Life-cycle Retention and Disposal Definition Enterprise Content Management (ECM) is the strategies and technologies deployed to capture, store, manage, deliver and preserve unstructured information or content. Information or content with no identifiable structure and open to interpretation eg. Documents, images, s, video, photos, drawings, plans, CCTV footage. The construct of IT Infrastructure, Applications and Databases that effectively and efficiently enables the delivery of Information Management Services. Applies to all Redland City Council (RCC) permanent, temporary and casual staff and staff employed under a RCC employment contract; including contractors, agency staff and/or consultants. Represent a user that interacts with one or more products (information, application or hardware) The life-cycle of business records and information from creation to its preservation in archives or disposal. The process of identifying the length of time a record should be kept for before it can be destroyed or purged by an organisation. Page: 4 of 5

5 Version Information Version number Date 1 January 2013 New Policy Key Changes Back to Top Page: 5 of 5