Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Guideline 25 – Managing Information Risk Samara McIlroy, Consultant, Government Recordkeeping 6165 6085.

Published byTamsin Cook Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Guideline 25 – Managing Information Risk Samara McIlroy, Consultant, Government Recordkeeping 6165 6085."— Presentation transcript:

1 Introduction to Guideline 25 – Managing Information Risk Samara McIlroy, Consultant, Government Recordkeeping grk@education.tas.gov.au 6165 6085

2 Overview Background and context New Guideline and Advice Applying Risk Management Request for feedback Questions

3 Don’t know the first thing about risk management?

4 Why? New technologies bring new threats to business information and continuity Information risk often mistakenly treated as IT risk Appraisal of digital records requires a new set of competencies

5 Background and context Tasmanian Government Project Management Guidelines AS/ISO Standards Other jurisdictions Guideline 1 – Records Management Principles

6 Tasmanian Government Project Management Guidelines In November 2011, the ICT Policy Board endorsed the Project Management Guidelines as Advice for Tasmanian Government Agencies Element 5 addresses Risk Management (p90-106) Guidelines on the e-Government website under Project Management – http://www.egovernment.tas.gov.au//project_management http://www.egovernment.tas.gov.au//project_management

7 Standards AS/NZS ISO 31000:2009 Risk management - Principles and guidelines and the companion Handbook - SA/SNZ HB 436:2013 Information and documentation - Risk assessment for records processes and systems - ISO/TR 18128:2014(E) Available from the eGovernment Standards Select portal on the website

8 Other jurisdictions Records and Risk Management (PROS 10/10 G6) - Public Records Office Victoria: strategic and operational alignment FutureProof blog - State Records NSW: digital information risks Linking business to records: Managing recordkeeping risks - National Archives of Australia (NAA): identifying high-risk business functions for more intensive information management activities

9 Guideline 1 – Records Management Principles New inclusions which relate to Information Risk: Information governance Risk analysis Policy alignment Records in business systems Regular compliance audits

10 The new Risk Management Guideline and Advice Guideline No. 25 – Managing Information Risk Advice No. 60:  Part 1 - Introduction  Part 2 – Applying Risk Management processes  Part 3 – Templates and tools

11 Guideline No. 25 – Managing Information Risk – key concepts Managing information risk using risk analysis Aligning the functions of Risk Management and Records Management

12 MUSTS Agencies MUST apply risk management processes to all State records Agencies MUST undertake an information risk assessment for each of the agency's core business areas.

13 High-risk business areas: Public and media scrutiny Legal action or formal investigation Involve large amounts of money Relate to issues of security Outsourcing Administrative change Cloud-computing systems Relate to the health, welfare, rights and entitlements of citizens and/or staff Employment conditions of staff Involve organisational change and/or transitioning to new systems

14 MUSTS Risk management processes MUST cover records in all formats, including digital records outside formal recordkeeping systems, such as email, websites & business systems. Risk assessments MUST be carried out for all permanent records, including permanent records held in business systems.

15 Records in all formats: Permanent records Vital records Unscheduled records (not covered by a R&DS) Network drives Email Scanned or digitised records Business systems and cloud-computing applications Hybrid environments Websites Social media Mobile devices Etc, etc.

16 MUSTS Risk management processes MUST underpin records management operations, to ensure that risks to the agency's records and recordkeeping systems are minimised. Records management staff MUST ensure that risks to the agency's records and recordkeeping systems, especially vital records, are addressed as part of the agency’s Records Management Program.

17 MUSTS Agencies MUST align the functions of records management and risk management strategically and operationally. Agencies MUST review their Information Risk Register annually.

18 The new Guideline and Advice Guideline No. 25 – Managing Information Risk Advice No. 60:  Part 1 – Introduction  Part 2 – Applying Risk Management processes  Part 3 – Information Risk Register Template

19 Information Risk Consequence Scale

20 In practice: Information Risk Register Disaster Preparedness and Business Continuity plans Vital Records Plan Alignment with Risk Management Framework Internal and external audit programs Digital Records Preservation/ Continuity Plan Compliance with the Archives Act 1983 and with TAHO Guidelines

21 Request for feedback Closing date: Friday 31 st October

Download ppt "Introduction to Guideline 25 – Managing Information Risk Samara McIlroy, Consultant, Government Recordkeeping 6165 6085."

Similar presentations

Smarter Information Management Presenter: Dianne Macaskill Chief Executive Archives New Zealand.

Smarter Information Management Presenter: Dianne Macaskill Chief Executive Archives New Zealand.
A Record Plan for NASI National Archives of Solomon Islands 2012 Catherine Green and Bernard Rizu.

A Record Plan for NASI National Archives of Solomon Islands 2012 Catherine Green and Bernard Rizu.
Facilitated by: Pobal Training Initiative.  Using the “Managing Better” Toolkit  Principles of Good Governance  Key Responsibilities of the Company.

Facilitated by: Pobal Training Initiative.  Using the “Managing Better” Toolkit  Principles of Good Governance  Key Responsibilities of the Company.
Aligning Internal Audit & Risk Management Under the Governance Umbrella An Audit Committee Chair’s perspective Jon Isaacs NSW Public Sector Audit & Risk.

Aligning Internal Audit & Risk Management Under the Governance Umbrella An Audit Committee Chair’s perspective Jon Isaacs NSW Public Sector Audit & Risk.
Policy on digital records preservation in the NSW public sector Cassie Findlay Senior Project Officer, Government Recordkeeping.

Policy on digital records preservation in the NSW public sector Cassie Findlay Senior Project Officer, Government Recordkeeping.
Health Records Management Practitioner

Health Records Management Practitioner
1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Managing Information Risk Allegra Huxtable Manager Government Recordkeeping Tasmanian Archive and Heritage Office.

Managing Information Risk Allegra Huxtable Manager Government Recordkeeping Tasmanian Archive and Heritage Office.
Standard on records management Catherine Robinson Senior Project Officer, Government Recordkeeping Records Managers Forum, 26 November.

Standard on records management Catherine Robinson Senior Project Officer, Government Recordkeeping Records Managers Forum, 26 November.
Introduction to the Recordkeeping for Good Governance Toolkit International Council on Archives Congress August 2012.

Introduction to the Recordkeeping for Good Governance Toolkit International Council on Archives Congress August 2012.
© The Association of Independent Schools of NSW Preparing for the ASQA Audit.

© The Association of Independent Schools of NSW Preparing for the ASQA Audit.
2015 - 2017 Audit Program: Introduction. Our role Located within the Tasmanian Archives and Heritage Office (TAHO), the Government Recordkeeping team.

Audit Program: Introduction. Our role Located within the Tasmanian Archives and Heritage Office (TAHO), the Government Recordkeeping team.
Internal Control and Internal Audit

Internal Control and Internal Audit
Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.

Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.
Social Media and Recordkeeping Allegra Huxtable Manager Government Recordkeeping Tasmanian Archive and Heritage Office.

Social Media and Recordkeeping Allegra Huxtable Manager Government Recordkeeping Tasmanian Archive and Heritage Office.
ICT School Policies 6 th November 2014. Suggested Policies for Schools Not always a requirement, but useful to cover you, your school and the students.

ICT School Policies 6 th November Suggested Policies for Schools Not always a requirement, but useful to cover you, your school and the students.
Information Technology Recordkeeping and Archiving in the Cloud: Is there a Silver Lining? Professor Sue McKemmish.

Information Technology Recordkeeping and Archiving in the Cloud: Is there a Silver Lining? Professor Sue McKemmish.
Guidelines 4-6 Developing a file plan for government agencies Tuvalu Government Filing Manual Funafuti, Tuvalu June 2013 There are three guidelines in.

Guidelines 4-6 Developing a file plan for government agencies Tuvalu Government Filing Manual Funafuti, Tuvalu June 2013 There are three guidelines in.
1 CHCOHS312A Follow safety procedures for direct care work.

1 CHCOHS312A Follow safety procedures for direct care work.

Similar presentations

Ads by Google