Skip navigation

Guideline: System information management plans

Introduction

Records are stored and managed in a range of systems in the University to ensure compliance with the ANU Records Management Policy and Procedure.

This plan:

  • Ensures that all systems approved for records storage and management is included in a register within the record management framework
  • Provides guidance for data about the system including software, business owners, how it will be managed over its life and details about its assessment against the framework, and
  • Enables integration with ANU’s approach to Data Governance.

The template for systems is recorded below and complements Data governance templates.

System detail

System

Plan or Action

System name and full product name

System common name or abbreviation

Business owner (Division, College, School)

Business processes supported by system

External or internal use only?

Security classification

System Executive

System/business owner

PHASE 1 – Risk assessment

Yes – Document details

No – Document details

System name / full product name

1.1 Does or will the system hold unique information or data (that is not duplicated elsewhere)?

1.2 Is or will the information or data:

. be the authoritative source of truth,
. relied on to create the authoritative record, or
. feed into a system that holds the authoritative source of information or data?

1.3 Is the risk or value of the information high enough to warrant additional controls to ensure that it is trustworthy?

1.4 Is there sufficient business benefit for managing disposal within the system before decommissioning?

1.5 Are you likely to access the information or data beyond the expected life of the system?

1.6 Do or will you need to keep the information or data for longer than the expected life of the system?


PHASE 2 – Assessment of information management functionality

Module 1: Information is trusted

Yes – Document details

No – Where a risk or gap was identified in Phase 2 – indicated by a 'No' response – document the solution to address the risk or functionality gap identified.

2.1.1 Can or will you be able to prove the information or data is authentic?

2.1.2 Can or will you be able to identify or prevent unauthorised changes to the information or data?

2.1.3 When you access information or data, can or will you be able to access all relevant parts of it?

2.1.4 Does or will the system meet the Archives' minimum metadata requirements?

Module 2: Disposal is accountable

Yes – Document details

No – Where a risk or gap was identified in Phase 2 – indicated by a 'No' response – document the solution to address the risk or functionality gap identified.

2.2.1 Is or will disposal be controlled, systematic and recorded?

2.2.2 Where there is more than one disposal class, can or will you be able to manage the different disposal classes?

2.2.3 Can or will you be able to manage the system's control records in line with your accountability needs?

2.2.4 Is or will destruction be in line with the Information Security Manual and other relevant policies?

Module 3: Export – import

Yes – Document details

No – Where a risk or gap was identified in Phase 2 – indicated by a 'No' response – document the solution to address the risk or functionality gap identified.

2.3.1 Are you or will you be able to export the information or data in a usable format?

2.3.2 Are you or will you be able to import information or data into the system?

Module 4: Reporting

Yes – Document details

No – Where a risk or gap was identified in Phase 2 – indicated by a 'No' response – document the solution to address the risk or functionality gap identified.

2.4.1 Can or will the system generate reports on your information or data management processes?

2.4.2 Can or will the system create automatic alerts in response to specific triggers?

Information

Printable version (PDF)
Title Guideline - Template for System Management plans
Document Type Guideline
Document Number ANUP_6754707
Version
Purpose Template for effective system management plans.
Audience Staff
Category Administrative
Topic/ SubTopic Information Management - Records & Archives
 
Effective Date 1 Nov 2022
Next Review Date 1 Nov 2027
 
Responsible Officer: University Librarian and Director, Scholarly Information Services
Approved By: Vice-Chancellor
Contact Area Library, Archives and University Records
Authority: Archives Act 1983
Electronic Transactions Act 1999
Evidence Act 1995
Freedom of Information Act 1982
Privacy Act 1988
Information Infrastructure and Services Rule 2020
Delegations 398, 399

Information generated and received by ANU staff in the course of conducting business on behalf of ANU is a record and should be captured by an authorised recordkeeping system. To learn more about University records and recordkeeping practice at ANU, see ANU recordkeeping and Policy: Records and archives management.