Printer Friendly (PDF, 207 kB)
Purpose
This Information Standard establishes the principles which need to be applied in implementing custodianship processes for information assets across Queensland Government agencies.
Custodians are the recognised officers responsible for implementing and maintaining information assets according to the rules set by the owner to ensure proper quality, security, integrity, correctness, consistency, privacy, confidentiality and accessibility. Custodians are responsible for specific classifications or categorisations of information assets.
Policy
The Queensland Government has responsibility for a significant number of information assets. This policy provides a whole-of-Government standardised approach to assigning custodians to these information assets to ensure that these assets are managed throughout their lifecycle and are accessible to appropriate stakeholders. Agencies must, at a minimum:
- identify agency information assets
- establish and maintain an information asset register
- assign roles and responsibilities to custodians of information assets
- provide training on the roles, responsibilities and associated activities of custodians of information assets
- develop and implement an agency information asset custodianship policy
- develop and implement processes to manage information assets over their lifecycle, including privacy, security, intellectual property issues and all legislative and regulatory obligations.
Scope
This Information Standard, Information asset custodianship (IS44), relates to all domains within the information layer of the Queensland Government Enterprise Architecture (QGEA) Framework. For the purposes of this Standard the QGEA Information architecture definition paper definitions of “information” and “information asset” apply.
For the purposes of this Standard, the following definitions apply as set out in the QGEA Information architecture definition paper.
Information
Information is any collection of data that is processed, analysed, interpreted, organised, classified or communicated in order to serve a useful purpose, present facts or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form.
Information asset
An information asset is an identifiable collection of data stored in any manner and recognised as having value for the purpose of enabling an agency to perform its business functions, thereby satisfying a recognised agency requirement.
Data or information from an external source does not need to be managed as an agency's information asset. However, any modification of this information will create a new information asset that will require management.
This Information Standard applies to whole-of-Government.
Issue and review
This QGEA Information Standard is published within the QGEA and is administered by the Queensland Government Chief Information Office (QGCIO). It was developed by the QGCIO and approved by the Queensland Government Chief Information Officer on 20 April 2009.
This QGEA Information Standard will be reviewed on an annual basis. The next review date is April 2010.
Implementation
The authority for the implementation of the mandatory principles of the Information Standard is primarily derived from the Financial Management Standard 1997.
The implementation dates for this Standard are:
High-level risk assessment: October 2009
High risk principles implementation: April 2010
Mandatory principles
Principle 1 - Information asset custodianship readiness
Identification of agency information assets ensures that information asset custodianship roles and responsibilities are assigned, and that custodians have an understanding of the information assets under their care. To support information asset custodianship processes, agencies must, at a minimum:
- identify the agency's information assets
- ensure an information asset register is established and maintained
- assign role(s) for the management of the agency's information asset register
Principle 2 - Information asset custodianship policy and assigned responsibility
The development of information asset custodianship policies provides the foundation for implementing custodianship processes. At a minimum, agencies must:
- develop and implement an agency information asset custodianship policy which is consistent with government ICT directions, legislative and regulatory obligations and relevant standards
- assign information asset custodians for administration and management of information assets held in the care of the agency
- provide training for assigned information asset custodians reflecting their roles and responsibilities
Principle 3 - Information asset custodianship implementation
to maximise value from information assets, information custodians must maintain accuracy, consistency, integrity, accessibility and licensing obligations. At a minimum, the agency must:
- develop and implement processes to track and manage information assets over their lifecycle
- ensure all processes are developed and implemented in accordance with legislative and regulatory obligations, including privacy, security, confidentiality, copyright, intellectual property, lawful disclosure, recordkeeping and appropriate authorisation
- ensure processes fulfil licensing and contractual arrangements/agreements (as set by the owner) for Queensland Government intellectual property in accordance with the Queensland Public Sector Intellectual Property Guidelines