The importance of an information management policy

The importance of a compliant record management process

Information and records are key strategic assets at the core of any business. Effective information management helps organisations to have meaningful, reliable and usable information available when their business needs it to enable effective and efficient business operations.

It is important that all organisations take accountability for the information and data they collect (whether it be generated from customers or through internal processes) and should establish processes that manage information and records securely, efficiently and systematically.  A records management policy should set down the minimum level of compliance for information management best practice.

With information formats and storage options constantly changing and regulatory legislation and standards specific to various industry segments continuing to expand, it is becoming increasingly more important for businesses to implement structured information management processes and procedures.

Most importantly an information governance program formalises intentions for information management and therefore decreases the level of risk.

Key elements of a robust information management policy

Set in place an organisation wide strategy

Ensure senior executives adopt an organisation wide strategy on information management. Appoint ownership of the strategy and allocate responsibilities for information management to employees or external suppliers. Regularly communicate with your organisation about your strategy and provide ongoing training for relevant staff.

Intelligently manage your information

Ensure there are clear requirements in place for the creation, capture and management of information to ensure that it is accessible, usable, shareable, maintained correctly and is sustainable. The focus should be on ensuring that information can be utilised to enhance business operations.

Securely protect your information

Set in place an information security policy to maintain the confidentiality, integrity and availability of business information. Identify high risk or high value business systems and processes and what information is required to support these.

Understand retention requirements

Implement policies to ensure that information is systematically kept for as long as required for business and legal purposes and identify how disposal of this information is managed. Policies must include a commitment by the organisation to adhere to any relevant legislation and governing standards.

Monitoring and audit processes

Information audit policies should explain how the organisation will carry out reporting, internal audits and self-monitoring. Regularly monitoring information management activities will ensure they are meeting the needs of the organisation and supporting business processes.

Download our FREE compliance checklist

How to implement a compliant information management policy

Generally Accepted Recordkeeping Principles®

The Generally Accepted Recordkeeping Principles® (Principles) constitute a generally accepted global standard that identifies the critical hallmarks and a high-level framework of good practices for information governance. Published by ARMA International, the Principles were developed to provide organisations with a standard of conduct for governing information.  ARMA International is a not-for-profit professional association for records and information managers and related industry practitioners and vendors.

Principle of Accountability

A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals.

Principle of Transparency

An organisation’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties.

Principle of Integrity

An information governance program shall be constructed so the information assets generated by or managed for the organisation have a reasonable guarantee of authenticity and reliability.

Principle of Protection

An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

Principle of Compliance

An information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organisation’s policies.

Principle of Availability

An organisation shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval.

Principle of Retention

An organisation shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

Principle of Disposition

An organisation shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organisation’s policies.

Information governance for the New Zealand public sector

Archives New Zealand, Te Rua Mahara o te Kāwanatanga is the official guardian of New Zealand’s public archives.

Archives New Zealand provides an extensive Records Toolkit for guidance on information and records management for the New Zealand public sector.

GO TO ARCHIVES NZ

Local government information management

ALGIM (Association of Local Government Information Management) provides professional development and thought leadership across a range of local government professions. ALGIM offers the following resources:

  • The ALGIM Information Management Toolkit is a set of online tools and resources designed specifically for local authorities to help with the effective and efficient management of information.
  • The ALGIM Information Management Health Checks are carried out by ALGIM’s resident information management expert, and examine the information management systems and practices a council may be using, to let you know what’s working well and what could be improved.

GO TO ALGIM

What our customers say about us