FOI 27 2016 Document 15 for release.pdf

[Released under the Freedom of Information Act 1982; FOI 27_2016]

CER Information Management Strategy
This policy refers to:
Information management
Published date:
04.05.15
Date for review:
01.07.16
Application:

Purpose:

Owner:
CER Chief Information Officer
Contact:
Shaun Keane
Category:
Information management
The electronic version published on the intranet is the current policy.

1

Contents
Executive Summary ............................................................................................................................................. 4
Making it happen ............................................................................................................................................ 4
Introduction ......................................................................................................................................................... 4
Document Audience ........................................................................................................................................ 4
Document Purpose .......................................................................................................................................... 4
Coverage ......................................................................................................................................................... 5
Where Does the Information Management Strategy Fit In? ............................................................................ 5
Good Information Management is our Core Business ...................................................................................... 6
Decision Making .......................................................................................................................................... 6
Providing Information ................................................................................................................................. 6
Custodian of Data and Distributor of Policy Information ............................................................................ 6
Compliance ................................................................................................................................................. 6
Security ....................................................................................................................................................... 7
Management Information ........................................................................................................................... 7
Managing the Information Asset ................................................................................................................. 7
Knowledge .................................................................................................................................................. 7
Information and knowledge management will allow us to: ......................................................................... 7
Strategic Principles for Information Management .......................................................................................... 8
Information Life Cycle Management ............................................................................................................... 8
Capabilities We Need to Provide for Effective Information Management ....................................................... 9
Appendix 1 ......................................................................................................................................................... 10
Requirements and Responsibilities Surrounding Information Management ................................................. 10
Scheme and Legislative Requirements ..................................................................................................... 10
Client and Stakeholder Requirements ....................................................................................................... 10
Intelligence Analysis Requirements .......................................................................................................... 11
Security Requirements .............................................................................................................................. 11
Information Consolidation ........................................................................................................................ 11
Efficiency through use of Technology ....................................................................................................... 11
Records Management Requirements ............................................................................................................ 12
Standards .................................................................................................................................................. 12
Appendix 2 ......................................................................................................................................................... 13
Work Plan ...................................................................................................................................................... 13
CER Information Management Strategy

2

Short Term Work Plan (0‐6 months) ......................................................................................................... 13
Medium Term (6‐12 months) Work Plan .................................................................................................. 14
Long Term (12 months and beyond) Work Plan ........................................................................................ 14
Appendix 3 ......................................................................................................................................................... 15
Information Quality and Assurance ............................................................................................................... 15
Related policies and references .................................................................................................................... 17
Policies ...................................................................................................................................................... 17
Consultation .................................................................................................................................................. 18
Endorsement ................................................................................................................................................. 18
Approval ........................................................................................................................................................ 18
Version control .............................................................................................................................................. 18

CER Information Management Strategy

3

Executive Summary
The Clean Energy Regulator is an independent statutory authority and has legislative obligations for how it
must operate, communicate with clients and manage these interactions. This includes the handling of data
and information.
This information management strategy caters for the diversity of business carried out by the Clean Energy
Regulator and that Information Management maturity will evolve over time.
The Clean Energy Regulator will only achieve its information management objectives by articulating its
requirements for good information management in a framework supported by capabilities that facilitate:
  staff taking responsibility for good information practice
  business processes embedding appropriate information practices, and
  systems configured to deliver information management requirements.
Making it happen
To manage our information effectively the Clean Energy Regulator will have:
  A focus on developing practical capabilities to implement
»  Records Management
»  Data Management and Reporting; and
»  Knowledge Management
The work plan deliverables in this document provide benefits to the Agency that align with the Clean Energy
Regulator’s end benefits, see the work plan in Appendix 2.
The principles for managing information also support broader Clean Energy Regulator objectives such as
those articulated in the Enterprise Risk Alignment and the principles in the Client Engagement Strategy.
Introduction
Document Audience
This document is for all Clean Energy Regulator staff.
Document Purpose
The strategy is a living document to provide overarching direction for information management in the Clean
Energy Regulator. It details our aspirations and articulates the framework for the development of necessary
policies, processes and capabilities. It will be revisited at least every 3 years.
CER Information Management Strategy

4

Coverage
This strategy encompasses all Clean Energy Regulator Information. That is: all electronic data, media, files
and physical records, collected on our technology infrastructure or created by our systems and information
created or collected by our staff in the performance of their duties.

Where Does the Information Management Strategy Fit In?
Paper
Digital
Digital
EDRMS
Records
Transition
Records
"EDi" 2015
2013
2014
2016

The Clean Energy Regulator must cease paper record‐keeping and move to digital as required under the
National Archive of Australia’s Digital Transition Plan.
Current state ‐ 2014
Transition state ‐ 2015
Future state ‐ 2016
Paper‐based record‐keeping
Transition to Digital record‐
Digital record‐keeping
keeping
Remote EDRMS managing paper
EDRMS to be implemented
EDRMS operational
records
Reliance on G: Drive holdings
Valuable and vital documents to
G: Drive archived
be moved to EDRMS with G:
drive contents made read‐only
Reliance on printed documents
Digital documents including
Digital documents including
scanned images
scanned OCR holdings
Disparate data holdings
Documents held digitally in
Integration of authorised
several business systems
business systems with EDRMS
including EDRMS
Expanded use of paper
No impact on use of paper
Paper use is appreciably reduced
CER Information Management Strategy

5

Large holdings of registry files
Large holdings of registry files
No further creation of registry
files
No real use of Metadata
Metadata beginning to be used
Confident use of Metadata
Multi‐Function devices can only
Multi‐Function devices can only
Multi‐Function devices can scan
scan images
scan images
documents using OCR

Good Information Management is our Core Business
Decision Making
Our ability to identify, analyse and prioritise regulatory risk, make well informed, reliable and consistent
decisions and provide assurance to stakeholders that regulatory objectives are met, is dependent on the
quality of the information available to managers and regulatory decision makers. Decisions made by the
Agency may be subject to review and external scrutiny. In this context it is important that decisions are
documented and the evidence used to support those decisions is available and stored in accordance with
good Government record keeping practice.
Providing Information
We are a provider of information. To be successful we need to provide accurate and consistent information
to assist clients make informed decisions about regulatory obligations. We also have a responsibility to
support the effective operation of markets through the provision of timely and reliable market information.
Custodian of Data and Distributor of Policy Information
Approximately 80% of Australian energy data used by the Commonwealth Government is collected and
managed by the Clean Energy Regulator. The National Greenhouse Energy Reporting information supplied
by Australian industry and compiled by us is an important data contributor to support Australian energy
research, discussion and decision making among Australian governments and the community. We need to
ensure that we effectively capture, store and appropriately distribute data and provide policy‐making
information according to legislative requirements.
Compliance
We have a range of compliance and enforcement obligations in particular to ensure that we’re collecting
the right amount of revenue and that instances of fraud are appropriately dealt with. These functions must
be supported by intelligence analysis and intelligence products. Intelligence work relies on access to
information and data stores and the ability to search and compare information from different sources. We
CER Information Management Strategy

6

also need to implement information management processes which support the preparation of successful
legal cases.
Security
We have a legislative obligation to protect the information we collect and to strictly control the release of
information. We need to establish and enforce consistent procedures to manage the release of information
classified as protected under the Clean Energy Act.
Management Information
Sound information management is central to effective and accountable regulator administration. We need to
collect and report performance information to enable it to effectively manage and review business processes
and the quality of outputs.
Managing the Information Asset
As with people and finances information is an important asset to the Clean Energy Regulator. We need a
framework for the management and maintenance of this asset.
Knowledge
Many Commonwealth agencies have struggled to implement knowledge management frameworks. The
Clean Energy Regulator has an opportunity to manage its information to support the continuous
development of effective business processes. Supported by appropriate ICT toolsets we are in a position to
establish cross agency collaboration and information sharing processes, develop information sets around
improving quality outcomes from business processes and provide an opportunity to document and share
experience to create a best practice knowledge base.
Information and knowledge management will allow us to:
  Deliver a holistic, strategic approach that assists us to make well informed, timely and evidenced based
decisions.
  Facilitate information access and sharing across the Agency to ensure a reduction of the risk of working
in silos and disconnected engagement with clients.
  Enable the use of information to understand our client’s behaviour, plan, forecast and predict non‐
compliance.
  Respond to client expectations for simple, modern and easy information and services so that clients can
fulfil their expectations.
  Understand the information that it needs to collect. Meet Australian Government requirements for
records management.
  Coordinate business areas and run them efficiently, leveraging the information asset.
CER Information Management Strategy

7

Strategic Principles for Information Management
The Strategic Information Management Principles prescribe the way information will be collected,
protected, stored and used in the Agency.
  Information is obtained from a single authoritative source – to support robust decisions, minimise
regulatory burden and enable consistent interpretation. Information will be collected once and screened
/ validated / checked to meet quality standards.
  Information is governed and owned – all information is governed and has clearly assigned ownership.
  Information is managed according to business value – information that has legal obligations is treated
with priority.
  Users of information are skilled and responsible – ensure that internal and external users of information
are supported to help them understand and use information responsibly.
  Information collected is on a need only basis – ensure collection process does not have surplus,
irrelevant or inaccurate information, in order to minimise regulatory burden.
  Information management practices are embedded in the organisation – business processes reflect
good information management practice and reduce duplication and re‐ work for staff.
  Information is treated as a shared asset ‐ staff are aware that the information they collect, create or
manage will be available to other users.

These Strategic Information Management Principles are complementary to the Engagement Principles in the
Client Engagement Strategy and the advice in the Good Decision Making Guide.
Information Life Cycle Management
The effective management of information throughout its useful life should be governed by Information Life
Cycle Management. Policies and procedures that reflect the Information Life Cycle will operationalise the day
to day processes and actions necessary to manage and realise the strategic value from CER’s information.
Records management practices will operationalise this cycle.

CER Information Management Strategy

8

Plan –what data is needed and how will it be used across CER for business and client purposes?
Create and collect – does the information needed exist, how is it collected or acquired, what new data is
being created?
Evaluation – how will the CER screen, check or validate the data at the source and before it is accepted?
Organise and Store – what level of technology is required to store, secure and provide access to the
information and how will the information be defined and classified.
Analyse – the Business Intelligence section provides the CER with capabilities to analyse the data. There may
be additional analysis requirements identified where this capability may need to be expanded.
Use and Disseminate – how will the information be used across CER for business, client, community and
government purposes? Will appropriate audiences be able to easily access the information they need in a
usable format?
Review – what are the processes or strategies in place to review the rules for information management?
Maintain and Protect – what standards, procedures and policies are being used to maintain and protect the
information as a CER resource and asset?
Dispose – Information disposal is governed by scheme legislation and government legislation which includes
the Privacy Act and the Archives Act. How does this apply to the information?

Capabilities We Need to Provide for Effective Information Management
We will only achieve its information management objectives by articulating its requirements in an
information management framework that facilitates:
 staff taking responsibility for good information practice
 business processes embedding appropriate information practices, and
CER Information Management Strategy

9

  systems configured to deliver information management requirements.
Develop capability through a focus on:
1.  Records Management
  Governance – agency wide records management co‐ordinated from one source.
  Policies, business classification schema, records disposal authorities.
  Electronic document and records management.
2.  Data Management and Reporting
  Governance – business custodians.
  Policies and procedures.
  Reporting tools and data warehousing.
3.  Knowledge
  Train staff on information management practice.
  Deliver metrics to better understand our business.
  Establish better practice knowledge bases.
  Provide collaboration tools and facilitate information discovery.
Appendix 1
Requirements and Responsibilities Surrounding Information Management
Scheme and Legislative Requirements
The Clean Energy Regulator was established on 2 April 2012 to administer the regulatory functions. Clients
may need to transact with several of the Regulator’s schemes. Therefore our information management
needs to support a single view of client. There are also records management requirements and security
requirements, both legislative and internal which drive the need for information management.
Client and Stakeholder Requirements
Our information management platform will need to cater for the following client and stakeholder
requirements:
  Government service delivery information for each of the CER schemes is expected to be transparent,
high quality and proactively available and in a usable format, and
  Our stakeholders expect easy access to information through multiple channels. Further guidance on
meeting client needs and expectations is defined in the Client Engagement Strategy.
CER Information Management Strategy

10

Intelligence Analysis Requirements
We have a range of compliance and enforcement obligations which must be supported by intelligence
analysis and intelligence products. Intelligence work relies on access to information and data stores and the
ability to search, collate and customise reports. These reports will sometimes focus on single entities or
outliers. Other intelligence analysis products will be wider in scope and will be used to create a broad,
informed picture of our clients and regulated community.
The ATO, ACC, ASIC and ACCC are regulatory agencies that we have agreements in place with to share
information. These agencies will also rely on the integrity and timeliness of our information. Building and
maintaining a reputation as trusted providers of quality information is the responsibility of all Clean Energy
Regulator employees.
The Enterprise Data Warehouse is of critical importance for consistent information capture across the Clean
Energy Regulator and meeting the objective of harnessing all our information whether for internal or
external intelligence purposes or scheme purposes.
Security Requirements
Client personal and compliance information needs to be secured in accordance with legislative and
Australian Government obligations. Our information systems must meet obligations with respect to the
Commonwealth security requirements as stated in the Protective Security Policy Framework and the
Information Security Manual, and legislative requirements as stated in the Clean Energy Regulator Act 2011
and climate change law, the Crimes Act and the Privacy Act.
In addition, IT security must be consistent across our work programs and must comply with the ICT Security
Policy.
Information Consolidation
A large number of existing and non‐integrated systems were acquired from our schemes when they were
brought together under the establishment of the Clean Energy Regulator. Our Enterprise Data Model will be
a critical step to enable us to progress from using disparate information systems and manual reporting
processes to systems that support our business objectives from a holistic perspective.
Efficiency through use of Technology
Technology enables us to process, manage and provide access to large volumes of information efficiently. In
the Clean Energy Regulator the technology systems are used primarily for managing either records or
knowledge.
As technology solutions require a substantial lead time to be defined and built a variety of spread sheets and
word documents stored on the G:drive have been used as interim solutions. These will be phased out as fit
for purpose technology that is part of the enterprise architecture is developed.
Our technology investment in information management systems will be supported by business training
initiatives to ensure that business areas make effective use of the technology systems and applications.
CER Information Management Strategy

11

Records Management Requirements
As an Australian Government agency the Clean Energy Regulator is obliged to have in place a
record keeping system that manages information according to legislative, evidentiary and
accountability requirements. These include:
  Freedom of information Act 1982
  Archives Act 1983
  Privacy Act 1988
  Crimes Act 1914
  Public Governance, Performance and Accountability Act 2013
  Public Service Act 1999
Standards
  Australian Records Management Standard ISO 15489
  National Archives of Australia
CER Information Management Strategy

12

  The Australian National Audit Office
  National Government Information Sharing Strategy

Creating, capturing and managing information records are important for meeting statutory
recordkeeping requirements. We need to fully document key strategic, operational and
regulatory decisions to provide a record of evidence, analysis and judgement. Well documented
decisions:
  improve accountability
  increase transparency of the decision rationale
  provide evidence in appeals and reviews of decisions by meeting requirements for records of the process
that led to the decision, and
  in time, develop consistency of decision‐making in an organisation.
Obligations are also placed on the regulated community and there is an expectation that we will handle our
information in a manner which reduces regulatory burden and supports clients and external stakeholders to
meet their obligations.
Record keeping services for our paper–based registry files are currently leveraged from the Department of
Environment. The EDRMS to be completed in May 2015 will provide all record keeping services.
The EDRMS will be the source of all our official records.
Appendix 2
Work Plan
Information management requires a large step change and a long term commitment. This draft work plan
outlines an organised approach to assist in maturing our information management framework.
Short Term Work Plan (0‐6 months)
Item
Details

  Records Manager to be accountable for a CER Records Authority.
Strategic Priorities

CER Information Management Strategy

13

  Undertake a records management Agency self‐assessment check‐up.
Records Management
  Records and Information Management Policies.
  CER Business Classification Scheme.
  EDRMS pilot and releases.

  CER Metadata Standards.
Data management and
reporting
  Data Reference Model.
  Enterprise Data Model and Policy
  Data Management Processes.

  Migrate existing collaboration sites and rollout further sites.
Knowledge
  Improve Intranet knowledge base and information sharing capabilities.
  Deliver information discovery tools – improved high end search
function.

Establish KPIs for EDRMS business processes and deliver reports.

Medium Term (6‐12 months) Work Plan
Item
Details

Strategic Priorities
Review information management policies.

  Completed phase one rollout of EDRMS
Records Management
  Ongoing RM training plan.
  Business Area Training Package.
  Review legacy and continuing paper file requirements.

  Deliver CER better practice knowledge bases.
Knowledge management
Long Term (12 months and beyond) Work Plan
Item
Details
CER Information Management Strategy

14

  Review operation of information management in CER
Strategic Priorities
  Review operation of data and reporting MoU’s and sharing
arrangements.

Review effectiveness of data warehouse and reporting.

  Potential project to scan legacy information into EDRMS
Records Management
  Further automation of electronic records management metadata
tagging.

  Review requirements for sharing and recording of CER business
Knowledge
information
  Tools to support

Appendix 3
Information Quality and Assurance
Embedding good information management practice in business processes requires a minimum set of
standards that apply to all our information to make certain that our strategic goals and benefits are met.
To ensure that information management practice positions us for success we will judge the quality of
information by using the following information attributes:
Information
Implementation activities to
Benefits
Link to CER
attributes
cultivate attribute

  Information is shared
  Effective
Discoverable
Information must be classified,
across the organisation
Operations.
stored and maintained in a
manner that makes it easily
  Avoids information
  Efficient
accessible and discoverable
silos.
Operations.
based on the role of the person
seeking it.
CER Information Management Strategy

15

Information
Implementation activities to
Benefits
Link to CER
attributes
cultivate attribute

  CER responsibility to
  Effective
Secure legal and
The CER receives, handles,
manage information is
Operations.
private
stores and sends sensitive
consistent with legal
information which requires
  Efficient
and ethical obligations
protection and needs to be
Operations.
are met.
secured by technical and non‐
technical measures in
  Information provided
accordance with legislative
to others is secure,
requirements and information
accurate, legal and
classification standards.
appropriate

  Minimises data
  Effective
Processes to validate data must
integrity issues.
Operations.
Accurate, consistent  be undertaken early. If
  Validating information
  Efficient
and reliable
information is being collected
from clients or a third party
at the source as it is
Operations.
processes should be in place to
collected saves time
  Acceptable
detect and correct errors as
and effort.
Regulatory
early as possible.
Burden.
  Engaged and
Compliant
Participants.

Information holdings support
  Reduces regulatory
  Effective
evidence based decisions. This
burden.
Operations.
Gathered once,
includes the rationale
  Acceptable
used many times
underpinning the decision and
Regulatory
the evidence supporting the
Burden.
decision.
Decision maker
Information holdings support
  Satisfies regulator
  Effective
needs are met
evidence based decisions. This
transparency and audit
Operations.
includes the rationale
trail requirements.
  Consistent
underpinning the decision and
Regulatory
the evidence supporting the
Posture.
decision.
CER Information Management Strategy

16

Information
Implementation activities to
Benefits
Link to CER
attributes
cultivate attribute
Core business
Processes, procedures and
  All CER staff are
  Effective
practices are
systems for managing
involved with
Operations.
designed in‐line
information take on a whole of
maintaining
with information
CER relevance.
information
management
management practices
principles
in their daily work.



Fit for Purpose
The right information is
Information is easily
Effective
collected, classified and stored.
identified and decisions
Operations.
can be made in a timely    Acceptable
way.
Regulatory
Burden.
  Consistent
Regulatory
Posture.
Related policies and references
  Policies
  CER Information Management Policy
  CER NAP Guidelines


CER Information Management Strategy

17

Consultation
Internal stakeholders:

External stakeholders:

Endorsement
Endorsed on:
04.05.15
By:
Chief Operations Officer
Signature:

Approval
Approved on:

By:

Signature:

Period of effect:

Review date:
01.07.15
Version control
Version Date
Author
Approver
CER Information Management Strategy

18

3.0
04/05/2015
J Manley; Z. Faulkner; Andrew
Endorsed by Chief Operations Officer
Hidayat; Garry Wyatt; Alex Hilson

CER Information Management Strategy

19