The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS

Similar documents
Information governance strategy

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

MANAGING DIGITAL CONTINUITY

Information Management Strategy. July 2012

Digital Archives Migration Methodology. A structured approach to the migration of digital records

Implementing an Electronic Document and Records Management System. Key Considerations

Information Management Advice 39 Developing an Information Asset Register

Identifying Information Assets and Business Requirements

Mapping the Technical Dependencies of Information Assets

West Dunbartonshire Council. Follow-up data protection audit report

Digital Archiving Survey

OFFICIAL. NCC Records Management and Disposal Policy

information Records Management Checklist business people security preservation accountability Foreword Introduction Purpose of the checklist

Embedding Digital Continuity in Information Management

Information Governance Management Framework

Corporate Records Management Policy

NSW Government Standard Approach to Information Architecture. December 2013 v.1.0

Argyll and Bute Council. Information Management Strategy

Digital Continuity to Support Forensic Readiness

Queensland recordkeeping metadata standard and guideline

Information Management

Digital Continuity in ICT Services Procurement and Contract Management

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Information Governance Strategy & Policy

Scotland s Commissioner for Children and Young People Records Management Policy

EXPLORING THE CAVERN OF DATA GOVERNANCE

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY

National Approach to Information Assurance

Digital Continuity Plan

Information Governance Framework

Manchester City Council Role Profile. Service Desk Analyst, Grade 6. ICT Service, Corporate Core Directorate Reports to: Team Lead (Service Support)

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

WHAT IS PRINCE2? Benefits There are many benefits of using PRINCE2 but primarily it:

General Notes Time allowed 1 hour. Answer all 60 multiple choice questions Use the proforma answer sheet provided.

Information Governance Policy

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

the Defence Leadership framework

Annual Governance Statement 2013/14

Corporate Risk Management Policy

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Information Management Policy

CCG: IG06: Records Management Policy and Strategy

Version Number Date Issued Review Date V1 25/01/ /01/ /01/2014. NHS North of Tyne Information Governance Manager Consultation

Good Practice Guide: the internal audit role in information assurance

Information Governance Strategy. Version No 2.1

Enterprise Information Management

(Joint) Information Management Strategy April 2014

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance and Assurance Framework Version 1.0

Records Management Policy

Communications Strategy

Housing Association Regulatory Assessment

INFORMATION GOVERNANCE STRATEGY NO.CG02

Corporate Policy and Strategy Committee

PROJECT INITIATION DOCUMENT

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

Digital Continuity for Change Managers

Records Management Checklist. preservation. accountability. information. security. peoplep. A tool to improve records management

Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1

Business Continuity Management

CORPORATE RECORDS MANAGEMENT POLICY

ESKITP Manage IT service delivery performance metrics

5/30/2012 PERFORMANCE MANAGEMENT GOING AGILE. Nicolle Strauss Director, People Services

Information Governance Strategy

Avondale College Limited Enterprise Risk Management Framework

Risk Management & Business Continuity Manual

Corporate Governance Service Business Plan Modernising Services

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Oxford City Council ICT Strategy

Life Cycle of Records

COMMUNICATION AND ENGAGEMENT STRATEGY

NSW Government ICT Benefits Realisation and Project Management Guidance

P3M3 Portfolio Management Self-Assessment

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

The anglo american Safety way. Safety Management System Standards

The DAM Maturity Model

Project, Programme and Portfolio Management Delivery Plan 6

Risk Management. Group Standard

INVESTORS IN PEOPLE ASSESSMENT REPORT

UNIVERSITY OF LONDON RECORDS MANAGEMENT MANUAL: BEST PRACTICE PROCEDURE No. 4 ELECTRONIC RECORDS MANAGEMENT

Migrating digital records

Lancashire County Council Information Governance Framework

Knowledge Management Strategy Version 0.8

Guide 4 Keeping records to meet corporate requirements

Transcription:

PRIORITY RECOMMENDATIONS R1 BIS to elevate the profile of information risk in support of KIM strategy aims for the protection, management and exploitation of information. This would be supported by: Establishing policy on information risk. As with guidance for Information Asset s (IAOs) referenced below, this should be explicitly aligned with the KIM strategy goals. Ensuring information risks are documented corporately, such as risks resulting from a failure to manage information in accordance with its value, with clear escalation paths so that strategic impacts can be recognised. This work could draw on risks already defined within KIM policy and through the FIMS project together with those highlighted in the body of this report. Clearly establishing tolerances and appetites for information risk. R2 R1 Actions Action 1.1 Develop an Information Risk Policy to sit alongside the Knowledge and Information Strategy and refreshed Information Asset Register (IAR) Action 1.2 On of the Information Asset Register (IAR) develop a SIRO Risk Register that works in line with Security Management Risk overview reporting. Action 1.3 Issue a statement on information risk in BIS from the SIRO Medium tbc tbc SIRO working with others (tbc) BIS to ensure lessons are learned from the adoption of Matrix and use of alternative repositories and ensure requirements for the use and management of information remain at the heart of the FIMS project. These must inform decision making on configuration, implementation and contingency planning.

Key requirements in this regard include discovery, ease of use together with current strengths of the EDRMS such as access controls and lifecycle management. This would be supported by: Ensuring the risks of meeting and not meeting business requirements in practice are fully defined, and that the potentially significant impacts have visibility beyond the FIMS project. Close liaison with the business to identify key needs and help prioritise migration. Maintaining control and oversight of the technology environment as a whole following roll-out of new systems, particularly in terms of any necessary additional or alternative repositories. Mapping usage requirements of key information assets in line with The National Archives guidance. R2 Actions Action 2.1 Ensure that the new ECM is configured in a way that meets all agreed business and statutory requirements FIMS Project December 2013 Action 2.2 Develop a Data Migration strategy that enables the business to identify and assess information of value to transfer to the new ECM. Secure support for approach and sign-off from the BIS Operations Committee. Business Transition November 2013 Action 2.3 Using a variety of channels (intranet, email, staff briefings etc) (i) communicate data cleansing and migration actions required of staff and (ii) monitor compliance by running reports on email inbox size and personal drive storage. Ways of Working (WoW) January 2014 Action 2.4 Once the new ECM has been rolled out monitor usage of ECM and alternative repositories as part of benefits work Medium KIM / WoW May 2014 - Action 2.5 Ensure all business requirement risks relating to the FIMS project are entered on the FIMS FIMS Project November 2013

R3 risk register and FLITE benefits register. BIS to produce a clear and detailed implementation plan for its KIM strategy to define how threats will be reduced, opportunities realised and outcomes delivered. This would be supported by: Aligning the work and deliverables of the KIM team and that of other stakeholders to strategy outcomes Developing a plan to promote and drive the adoption of new policy and guidance for information management during and following system rollout. Directing policy and guidance towards cultural barriers to good practice and system usage such as perceived lack of time to capture information corporately. Identifying quantifiable performance indicators and success criteria, defining how these will be used to target risk areas and potential areas of good practice. R3 Actions Action 3.1 Produce KIM Strategy implementation plan and review quarterly. Action 3.2 Taking into account the Target Operating model and KIM strategy, ensure the KIM team has an appropriate structure and skills base to become Centre of Excellence for KIM across BIS and its Partner Organisations. Action 3.3 Develop a Behavioural Change Strategy to address cultural barriers to good information and records management. Action 3.4 Develop KIM KPIs and balance scorecard and monitor quarterly Action 3.5 Working with Partner Organisations develop an Information Management Maturity Model to assess Head of KIM Q2 2014-15 Medium Head of KIM Q2 2014-15 Medium KIM June 2014 Low KIM Q2 2014-15 Medium KIM June 2014 Maturity model baselined and in pilot stage (May 2014)

and measure progress in business IM practices and behaviours Action 3.6 Set up extranet to facilitate electronic collaboration on KIM with stakeholders such as key staff in BIS Partner Organisations Medium KIM December 2013 R4 BIS to support KIM strategy goals and vision through a consistent and mutually supportive suite of policy and guidance. To deliver maximum benefit, this policy and guidance should: Define how KIM strategy outcomes and vision enable the achievement of specific business objectives and BIS Values and Behaviours. Establish how individuals, the SIRO, deputy SIRO, IAOs and key KIM governance support KIM strategy outcomes. Be pragmatic, user focused, interrelated and clearly aligned to the technology and business environment. R4 Actions Action 4.1 Carry out survey of existing KIM policies and guidance Medium KIM Q2 2014-15 Action 4.2 Working with Ways of Working and user groups, consult on, design and seek approval for new KIM Policies and Procedures Medium KIM September 2014 Action 4.3 see Action 3.1 (KIM Strategy implementation plan) Head of KIM Q2 2014-15 Action 4.4 Review and redesign the intranet to facilitate access to KIM policies and guidance Medium Comms / KIM Q2 2014-15 This will be within the constraints of the intranet redesign. KIM team do not have overall control of the R5 BIS to build on the foundations already in place for transparency and champion information and its management at Management Board level. This would be supported by:

Clear endorsement and support of the Board for the KIM strategy. Defined reporting requirements for the KIM strategy, including criteria for exception reporting, so the senior team can be kept informed of progress towards goals. Recognising the KIM team s role in establishing and ensuring the proper use of new systems. R5 Actions Action 5.1 Secure Permanent Secretary and Operations Committee sign-off for the KIM Strategy Action 5.2 See Action 3.1 (KIM Strategy implementation plan) Head of KIM January 2014 Head of KIM Q2 2014-15 Action 5.3 See Action 3.2 (Centre of Excellence) Medium Head of KIM Q2 2014-15 PRIORITY RECOMMEN SECONDARY RECOMMENDATIONS ATIONS R6 BIS to engage with the business to produce guidance that supports staff to capture and manage information according to value. This should be embedded within new policy and guidance in support of KIM strategy aims. The success of this approach would be helped by: Engaging with business units to devise tailored solutions and buy-in of managers. Ensuring a clear message on what information is ephemeral and should be deleted. Defining the development and adoption of guidance as a risk reduction activity. Defining routine capture points for corporate information in support of the KIM strategy aim KIM is not an added task, it is how we work, and establishing clear rules around file closure to support routine disposal. R6 Actions

Action 6.1 See Action 4.1 (review policies and procedures) Action 6.2 See Action 4.2 (re-issue policies and procedures) including What to keep guidance and retention and disposal policies Action 6.3 Embed new Government Classification Scheme across the department Medium KIM Q2 2014-15 Medium KIM September 2014 KIM January June 2014 Action 6.4 See Action 3.3 (Behavioural change) Medium KIM June 2014 Action 6.5 KIM Partners to embed in business units to Medium KIM Ongoing Ongoing provide expertise and support the KIM agenda R7 BIS to ensure clear planning and defined decisions around migration of digital information from shared drives and Matrix in accordance with value. This should include: Defining how technology supports the usability of core information assets. Establishing how Electronic Records Appraisal project outcomes will be preserved throughout the migration process. In particular, explicit reference should be made to digital information already highlighted as having historic value, and action taken to preserve the accessibility and context of such records. Planning to test for complete transfer of context and metadata. R7 Actions Action 7.1 See Action 2.2 (Data migration strategy) Business Transition Action 7.2 See Action 2.3 (Data migration comms) Ways of Working November 2013 December 2013

Action 7.3 See Action 2.1 (ECM configuration) FIMS Project Action 7.4 Ensure that robust UAT is carried out to FIMS Project preserve the authenticity and accuracy of content and metadata migrated to the ECM December 2013 February - April 2014 R8 BIS to gain greater control and oversight of the shared drives and information they contain as it work to replace Matrix and roll out its new technology environment. This would be supported by: Formally defining the risks raised by storing information within an unstructured and uncontrolled environment. An enforceable policy statement on provision of shared drives and clear guidance on their use where this needs to continue. Guidance on the discovery of information for business and Freedom of Information Act (FoIA) purposes across multiple repositories ahead of, during and following the introduction of the FIMS solution. R8 Actions Action 8.1 See Action 1.2 (risk register) Action 8.2 See Action 2.2 (Data migration strategy) Business Transition Action 8.3 FoI and DPA messages are contained within the migration and rollout comms, and reinforced in the training for the new ECM. Medium FIMS Project (in conjunction with IRU) November 2013 April 2014 R9 BIS to develop its information asset management approach in line with KIM strategy goals, with the support of The National Archives. This requires: Clarity on the delivery of the information asset definition. BIS needs to be clear on type and level of information asset to be captured and focus on maintaining a manageable Information Asset Register by, for example, splitting it by directorate.

Clear definitions in relation to value, quality and usability and clear reporting requirements. A review of guidance to ensure it supports effective delegation of risk from the SIRO and reflects goals for the protection, management, exploitation and re-use of information assets. Guidance should be explicitly alighted with the KIM strategy. R9 Actions Action 9.1 IAR to be sent to TNA for comment Medium KIM October 2013 Action 9.2 Ensure that IAR aligns with BIS dataset Medium KIM Q2 2014-15 inventory and published datasets on data.gov. Action 9.3 See Action 4.2 (policies and guidance) Medium KIM September 2014 Action 9.4 IAR review and update processes to be formalised Low KIM June 2014 R10 BIS to reinforce governance structures for information support roles to ensure they can drive good practice in accordance with information policy and KIM strategy aims. To support this, BIS should: Define reporting requirements for Information Support Officers (ISOs) to promote policy and good practice. Consider how existing support roles, together with existing project and programme governance structures, can be used to best effect to support implementation of the KIM strategy before, during and after systems and infrastructure changes. R10 Actions Action 10.1 Carry out review role of Information Support Officer and role of ICT super-user Low KIM September 2014 Action 10.2 Develop a BIS Knowledge Council to be headed by SCS Knowledge Champion Low KIM September 2014 Action 10.3 Refresh guidance for specialist users to reflect changes in the role Low KIM September 2014

R11 BIS to develop a clear plan for the management and review of paper files to ensure the best use of review team resources and limited available space. This should include: Documenting the file transfer process to support clear communication of roles and responsibilities. To meet legislative compliance and best practice, BIS should investigate and develop the process for transferring digital information of historic value to The National Archives. This should include a methodology for adapting current sensitivity review methodology to digital records. Actions Action 11.1 Revisit the ERA (Electronic Records Appraisal) process and, once records are on the ECM, re-start the transfer of electronic material. Medium KIM June 2014 - Action 11.2 Produce documentation of the file transfer process Low KIM June 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information