NSW GovernmentInformation ManagementFramework

Sonya ShermanPrincipal Policy Officer, InformationStrategic Policy, DFS

Records Managers Forum, 25 November 2013

NSW ICT Strategy

ICT Strategy - Key InitiativesService NSW: A new service culture that is responsive to community needs. - DPC

Open Government: Fresh approach to engaging with the public and industry through online and social media technologies. - DPC

Open Data: Making government data available to stimulate the development of innovative approaches to service delivery. - DFS

Managing Information for Better Services: Framework of common information standards across government and using information better to enhance service delivery. - DFS

Infrastructure and Managed Services: Taking advantage of consolidation, virtualisation, sourcing as a service and cloud technologies. - DFS Procurement Reform: New approach to ICT procurement to enable early engagement and better value expenditure. - DFS ICT Skills and Innovation: Building public sector ICT skills with the assistance of industry and the research sector. – DFS (with Public Service Commission)

• Make high quality government datasets available to industry and the community

• Stimulate innovative solutions to service delivery and the provision of information

Key Elements• Open Data Policy launched 11 Nov• Open access licensing (Ausgoal)• Data.nsw (and apps4nsw)

Open Data

• Support the secure reuse of information and data for better services, improved performance management, and a more productive public sector

Key Elements• Information management framework & standards• Information Security• Sharing information assets• Location Enabled Data

Managing Information for Better Services

Information Management Framework

• “…a broad suite of standards, guidelines and resources to bring a rigorous whole-of-govt approach to the State’s information assets”

Key Elements• Common approach to information architecture• Standards for data quality and exchange• Standards for metadata• Guidelines to manage/transition legacy systems

Approach to Information ManagementTo realise its potential value, data and information must be managed strategically, coordinated across NSW Government.•Outcomes-driven•7 principles

StandardsTo encourage interoperability, enable sharing and re-use of information, standards must meet specific business needs.•Business-driven•5 criteria

Information Management Framework

Digital Information Security Policy

• Requires NSW Agencies to have an Information Security Management System (ISMS)

• Requires a minimum set of controls from AS/NZ ISO 27002 in IT Security Techniques

• Certain agencies are also to certify compliance with AS/NZ ISO 27001

• Annual attestation of compliance in Annual Reports

10

Implementation timelines

11

What When StatusCommence implementation Dec 2012 Complete

Establish Community of Practice Dec 2012 Complete

Nominate Senior Responsible Officers Jan 2013 Complete

1st implementation progress report July 2013 Complete

Full compliance Dec 2013 In progress

Implement information classification system

Jan 2014 In progress

2nd implementation progress report Jan 2014 Pending

Attestation in annual report Jun 2014 Pending

Information classification

12

Dissemination Limiting Markers

Sensitive

Sensitive: NSW Government

Sensitive: NSW Cabinet

Sensitive: Legal

Sensitive: Personal

For Official Use Only (FOUO)

DFS C2013-5 Information Classification and Labelling Guidelines

13

Old New

Personnel-in-confidence Sensitive: Personal

Cabinet-in-confidence Sensitive: NSW Cabinet

Legal-in-confidence Sensitive: Legal

Commercial-in-confidence Sensitive: NSW Government

Protected Sensitive: NSW Government

Highly protected Sensitive: NSW GovernmentOr use appropriate security classification

Implementing classification

DFS C2013-5 Information Classification and Labelling Guidelines

Answers to FAQs …

1. Unlabelled information should be unclassified

2. Only relabel information if business need requires it

3. Build classification into systems

4. See the Change Management guidance on the ICT Strategy website (www.finance.nsw.gov.au/ict/resources)

5. Talk to your Senior Responsible Officer

6. Use the ready-reckoner cards and website (coming soon….)

7. Ask us at: informationsecurity@finance.nsw.gov.au

14

Other Questions….?

Questions for you…

• How does the idea that information managers are ‘pushing on an open door’ align with your experiences?

• How do you use/describe these outcomes and principles in your work? What words help you to best communicate the message?

• How have you approached the adoption of standards? Has this worked?

• How have benefits been realised? What stories can you tell of services improved through re-use of information?

• Go to the website www.services.nsw.gov.au/ict

• Follow us on Twitter @ICT_NSW

• Like us on Facebook at NSW ICT Strategy or Apps4nsw

• Email us at NSWICT@services.nsw.gov.au