nsw government · pdf filensw government classification and labelling guidelines. information...
TRANSCRIPT
NSW Government
Document Management Solutions
Standard
v1.0
June 2015
ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 [email protected]
Document Management Solutions Standard
2
CONTENTS
1. CONTEXT 3
1.1. Background 3
1.2. Purpose 3
1.3. Scope and application 3
1.4. Policy context 3
1.5. The ICT Services Catalogue 4
2. KEY PRINCIPLES 4
3. REQUIREMENTS 5
3.1. Information lifecycle 5
3.2. Service level and complexity 6
3.3. Requirements tables 6
3.3.1 Silver (standard) – Use Cases / Scenarios 7
3.3.2 Gold (complex) – Use Cases / Scenarios 9
3.4. Elements of DM standard 11
3.4.1 Acquisition/Capture 11
3.4.2 Document Management 11
3.4.3 Collaboration/Workflow 12
3.4.4 Service Management 13
DOCUMENT CONTROL 16
APPENDIX A – DEFINITIONS 17
Information lifecycle elements 17
Worker types 17
APPENDIX B – ABBREVIATIONS 18
APPENDIX C – REFERENCES 19
APPENDIX D – STANDARDS 20
Developing technical standards 20
Management and implementation 20
Document Management Solutions Standard
3
1. CONTEXT
1.1. Background
This is a technical standard developed through the NSW ICT Procurement and Technical Standards Working Group. The standard contains technical and functional requirements that agencies should consider when procuring ICT services for document management (DM) solutions.
By defining the necessary and common elements across agencies the standard provides an opportunity to leverage the buying power of Government as a whole, improve procurement efficiency and increase interoperability.
1.2. Purpose
The purpose of this standard is to assist NSW Government agencies to evaluate the functionality of DM solutions and tools, as well as take full advantage of their benefits. This standard also helps agencies procure in a strategic manner that reflects the NSW Government’s priorities as outlined in the NSW Government ICT Strategy. This standard sets out the minimum technical requirements for the provision of DM solutions to NSW Government.
This standard details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.
1.3. Scope and application
This standard applies to all NSW Government departments, statutory bodies and shared service providers, in the procurement of DM solutions. It does not apply to state owned corporations, but is recommended for their adoption.
For the purposes of this standard, ‘DM solution’ describes all elements of a system for providing DM for an organisation.
This standard sets out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW ICT Services Catalogue. Agencies should consider any specific operational or regulatory factors that impact their requirements, and specific requirements they have in addition to those detailed in this standard.
1.4. Policy context
The NSW Government ICT Strategy and Implementation Update 2013-14 set out the Government’s plan to: build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime; and to derive increased value from the Government’s annual investment in ICT.
Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, driven by the ICT Procurement and Technical Standards Working Group. These standards leverage principles defined in the NSW Government ICT Strategy and the NSW Government Cloud Services Policy and Guidelines, and they support the ICT Services Catalogue.
The standards set out service definitions as minimum requirements that vendors must meet to be able to offer their services through the ICT Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies in
Document Management Solutions Standard
4
line with the NSW Government ICT Strategy, and it signals government procurement priorities to industry.
This standard should be applied along with existing standards, policies and guidance that make up the NSW Information Management Framework, as set out in the Information Management: A Common Approach, and including the NSW Digital Information Security Policy. In addition, solutions should assist agencies in their alignment with the NSW Government Enterprise Architecture Strategy.
NSW Government agencies must carefully consider their obligations to manage government data and information. Contract arrangements and business processes should address requirements for data security, privacy, access, storage, management, retention and disposal. ICT systems and services should support data exchange, portability and interoperability.
More information on the process for the development of standards that populate the ICT Services Catalogue is at Appendix D – Standards.
1.5. The ICT Services Catalogue
This catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once against the standards. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.
Implementing this category management approach will embed common approaches, technologies and systems to maintain currency, improve interoperability, and provide better value ICT investment across NSW Government.
2. KEY PRINCIPLES
This standard is based on the following principles:
End-to-end digital: DM solutions should facilitate end-to-end digital management, without the need to move in and out of hardcopy format through the process.
Customer-centricity: DM solutions should provide a positive end-user experience, designed around the needs of the user and the “journey” from document capture and indexing, through search, retrieval, editing and dissemination, to archiving or disposal. DM solutions should support the ability to form a single view of the customer, presenting all relevant documents together where appropriate. They should facilitate public engagement where they are used for data collection from members of the public, accounting for privacy and security requirements. Streamlined authentication mechanisms (using trusted identity providers) can help maintain a customer-centric focus.
Eliminating duplication: DM solutions, and associated workflow processes, should minimise the need to enter (or re-enter) data and information. Manual information entry also creates the potential for errors in datasets.
Facilitating as a service: DM solutions should be available as a service. Vendors should facilitate agency transitioning from on-premise software to solutions provided as service.
Performance and latency: DM solutions should be designed to optimise performance and minimise latency across all functions to encourage concurrent use and collaboration across different geographic locations.
Document Management Solutions Standard
5
Business process integration: DM solutions should be capable of integration and interoperability with other systems to enable seamless business processes. Document storage, editing and retrieval should be built into business processes, to ensure that any DM system used creates minimal (or preferably no) impact on staff. It should be more efficient for staff to use the DM solution than to not use it.
Interoperability: DM solutions must meet industry recognised standards for metadata and interoperability to support sharing, security and business process integration, across the whole information lifecycle as set out in 3.1.
Accountability: DM solutions must support the creation, population and export of audit metadata, workflows, permissions and any other metadata needed to evidence the authenticity, reliability, integrity and useability of documents.
Mobile and flexible: DM solutions should support mobility and flexible work practices, be accessible online or offline, and be device independent. They should also be able to integrate new technologies as required.
Vendor / operating environment agnostic: DM solutions should be vendor and operating system agnostic. Users should be able to capture, access and edit documents in a range of environments. The solution should also support import from, or export to, solutions in other environments.
DM solutions should also apply NSW data and information management principles, as outlined in Information Management: A Common Approach. Data and information should be compliant, governed, collected once, fit for purpose, defined, optimised, organised, secured, used, shared, maintained and available.
3. REQUIREMENTS
3.1. Information lifecycle
The following elements should be considered when assessing a DM solution:
1. Acquisition/capture 2. Document management 3. Collaboration/workflow 4. Service management
These elements are drawn from a typical information lifecycle, which includes capture, distribute, use, maintain and dispose of data, as set out in the NSW Information Management Framework – Information Management: A Common Approach. DM solutions must also comply with IPC privacy guidance, NSW State Records requirements – including the Standard on Records Management, and the NSW Government Classification and Labelling Guidelines. Information management is the process of using technology to collect, organise, store, and provide information within a company or organisation with a goal of efficient and accountable management. DM is regarded as a subset of information management. The goal of information management is to enable organisations to control and administer information assets throughout their lifecycle. A ‘document’ is recorded information or an object that can be treated as a unit (AS ISO 15489 Part 1 Clause 3.10). It is ordinarily an item or collection of written, printed, or electronic matter with accompanying metadata that provides information. DMs should facilitate the management of document content and context (metadata about process and actions). This standard also applies to ‘records’, as defined by AS ISO 15489 (Part 1 Clause 3.15) and the State Records Act 1998 (NSW). See the State Records NSW Glossary for more detail on relevant definitions.
Document Management Solutions Standard
6
3.2. Service level and complexity
DM can be provided in a range of ways. For example, the supplier of the service may manage some of the service or environment during the course of the contract, or the supplier of the service may manage the entire service for course of the contract. The following requirements use case tables are separated into three service levels, bronze, silver and gold, reflecting the complexity of the DM solution required:
Bronze: Not defined at this time.
Silver: Standard DM solution or service.
Gold: Advanced/complex DM solution or service.
3.3. Requirements tables
The following tables set out the recommended business and technical requirements for NSW Government. They provide a consistent approach for all NSW Government agencies regardless of their size. Explanations for each element of the following use cases are provided at section 3.4.
Meeting the requirements of this standard
A service that meets all the requirements across both worker types and ‘public’ at Silver or Gold level, in relation to at least one of the above stages of the information lifecycle, meets this standard.
For example, if a service meets all of the requirements of the ‘Acquisition/capture’ lifecycle stage, at the Silver level, across both worker types and public, then that service is deemed compliant. Where this service is represented in the ICT Services Catalogue, the stage(s) for which it is compliant will be noted. See Appendices A and B for additional details on information lifecycle stages and worker types, as well as a list of abbreviations used in this standard. See the NSW Government Cloud Services Policy and Guidelines for as a service and cloud definitions.
Document Management Solutions Standard
7
3.3.1 Silver (standard) – Use Cases / Scenarios
‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.
Use Case / Scenario SILVER
Acquisition/Capture Document Management O
pti
cal C
har
acte
r R
eco
gnit
ion
Emai
l
Dig
ital
isat
ion
of
pap
er d
ocu
men
ts
Bu
lk im
po
rt
Dig
ital
wo
rkfl
ow t
o D
M
Elec
tro
nic
do
cum
ents
Elec
tro
nic
&/o
r m
anu
al m
etad
ata
cap
ture
Secu
re d
ocu
men
t
Acc
ess
sch
edu
le
Ver
sio
n co
ntr
ol
Cla
ssif
icat
ion
& la
belli
ng
Off
ice
too
ls in
tegr
atio
n
Cu
sto
m m
etad
ata
clas
sifi
cati
on
Co
nte
nt
sear
chin
g
Ret
riev
al v
ia m
etad
ata
sear
ch
Web
& m
ob
ile b
ased
acc
ess
Off
line
syn
chro
nis
atio
n
LDA
P au
then
tica
tio
n &
au
thor
isat
ion
Ro
les
bas
ed a
uth
ori
sati
on
CM
IS in
tegr
atio
n
Do
cum
ent
con
tro
l
Ente
rpri
se s
earc
h
File
pla
n m
anag
emen
t
Ret
enti
on
pol
icy
man
agem
ent
Au
tom
ated
dis
po
siti
on
s
Trac
king
& d
ocum
enti
ng
of
reco
rd
des
tru
ctio
n
Secu
re le
gal &
aud
it h
old
s
Form
al/i
nfo
rmal
do
cum
ents
Office-based Worker
Mobile Worker
Public
Document Management Solutions Standard
8
Use Case / Scenario SILVER
Collaboration/Workflow Service Management
Rea
l tim
e ed
itin
g o
f d
ocu
men
ts
Secu
rity
of
doc
umen
ts &
p
rofi
les
Lin
ear
wo
rkfl
ow
pro
cess
ing
Inte
rnal
& e
xter
nal
sh
arin
g o
f fi
les
Inst
ant
mes
sagi
ng
inte
grat
ion
No
tifi
cati
on
on
do
cum
ent
upd
ates
Pla
nni
ng
& s
ched
ulin
g m
anag
emen
t o
f w
ork
flo
w
Par
alle
l wor
kflo
w
pro
cess
ing
Wo
rkfl
ow
tas
k &
cas
e m
anag
emen
t
Ru
les
inte
grat
ion
Self
-ser
vice
ad
min
istr
atio
n
Full-
serv
ice
adm
inis
trat
ion
Clo
ud
co
mpl
ian
t h
ost
ing
faci
lity
NSW
Go
vern
men
t D
ata
Cen
tre
On
sho
re/o
ffsh
ore
m
anag
emen
t
No
n-p
ropr
ieta
ry &
op
en
stan
dar
ds
com
pat
ible
Au
dit
logg
ing
Co
mp
lian
ce w
ith
NSW
Go
vern
men
t le
gisl
atio
n
Serv
ice
leve
l m
anag
emen
t
Mu
lti-
serv
ice
bro
ker
pro
visi
on
Office-based Worker
Mobile Worker
Public
Document Management Solutions Standard
9
3.3.2 Gold (complex) – Use Cases / Scenarios
‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.
Use Case / Scenario GOLD
Acquisition/Capture Document Management
Op
tica
l Ch
arac
ter
Rec
ogn
itio
n
Emai
l
Dig
ital
isat
ion
of
pap
er d
ocu
men
ts
Bu
lk im
po
rt
Dig
ital
wo
rkfl
ow t
o D
M
Elec
tro
nic
do
cum
ents
Elec
tro
nic
&/o
r m
anu
al m
etad
ata
cap
ture
Secu
re d
ocu
men
t
Acc
ess
sch
edu
le
Ver
sio
n co
ntr
ol
Cla
ssif
icat
ion
an
d la
bel
ling
Off
ice
too
l in
tegr
atio
n
Cu
sto
m m
etad
ata
clas
sifi
cati
on
Co
nte
nt
sear
chin
g
Ret
riev
al v
ia m
etad
ata
sear
ch
Web
& m
ob
ile b
ased
acc
ess
Off
line
syn
chro
nis
atio
n
LDA
P a
uth
enti
cati
on
and
au
tho
risa
tio
n
Ro
les
bas
ed a
uth
ori
sati
on
CM
IS in
tegr
atio
n
Do
cum
ent
con
tro
l
Ente
rpri
se s
earc
h
File
pla
n m
anag
emen
t
Ret
enti
on
pol
icy
man
agem
ent
Au
tom
ated
dis
po
siti
on
s
Trac
king
& d
ocum
enti
ng
of
reco
rd
des
tru
ctio
n
Secu
re le
gal a
nd
audi
t h
old
s
Form
al/i
nfo
rmal
do
cum
ents
Office-based Worker
Mobile Worker
Public
Document Management Solutions Standard
10
Use Case / Scenario GOLD
Collaboration/Workflow Service Management
Rea
l tim
e ed
itin
g o
f d
ocu
men
ts
Secu
rity
of
doc
umen
ts &
p
rofi
les
Lin
ear
wo
rkfl
ow
pro
cess
ing
Inte
rnal
& e
xter
nal
sh
arin
g o
f fi
les
Inst
ant
mes
sagi
ng
inte
grat
ion
No
tifi
cati
on
on
do
cum
ent
upd
ates
Pla
nni
ng
& s
ched
ulin
g m
anag
emen
t o
f w
ork
flo
w
Par
alle
l wor
kflo
w
pro
cess
ing
Wo
rkfl
ow
tas
k &
cas
e m
anag
emen
t
Ru
les
inte
grat
ion
Self
-ser
vice
ad
min
istr
atio
n
Full-
serv
ice
adm
inis
trat
ion
Clo
ud
co
mpl
ian
t h
ost
ing
faci
lity
NSW
Go
vern
men
t D
ata
Cen
tre
On
sho
re/o
ffsh
ore
m
anag
emen
t
No
n-p
ropr
ieta
ry &
op
en
stan
dar
ds
com
pat
ible
Au
dit
logg
ing
Co
mp
lian
ce w
ith
NSW
Go
vern
men
t le
gisl
atio
n
Serv
ice
leve
l m
anag
emen
t
Mu
lti-
serv
ice
bro
ker
pro
visi
on
Office-based Worker
Mobile Worker
Public
Document Management Solutions Standard
11
3.4. Elements of DM standard
3.4.1 Acquisition/Capture
Solutions should be able to capture documents/data (either manually or electronically) for storage and work-flowing (as appropriate) to an appropriate DM solution. Should a solution not have capture methods, it must be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or identifying appropriate third-party solutions/services.
Examples of document capture for the purposes of this standard include (but are not limited to):
Optical Character Recognition (OCR).
Email – with and without attachments.
Digitisation of paper documents – hardcopy documents digitised for storage.
Bulk import – allowing automated, efficient import or acquisition of documents.
Digital workflow to DM – digital workflow of documents either natively as part of the solution or as a connector to a third party workflow engine.
Electronic documents (most common formats) – either directly or from email, collaboration and/or other third party solutions or business systems.
Electronic &/or manual metadata capture – for manual a minimum requirement is the manual entry of identification material related to the document.
In addition to digitally capturing data, solutions should be able to provide audit logs (events tracking). Event information must be specific, meaningful and useful.
3.4.2 Document Management
Solutions should be able to manage documents/records throughout their life (including disposal and/or archiving) as required by the agency. Elements that should be delivered as a minimum are listed below. Any additional element(s) would be considered favourably and should be highlighted in any response to market engagements.
All solutions must be able to input/export content and defined metadata to a format that is industry standard to facilitate transfer between solutions should an agency need to change its solution.
Secure document – preventing unauthorised access and managing the rights to access the document. This includes automated security access control, based on the file plan. This should also address the situation where a person who is able to assign rights to access leaves an organisation, and the rights to access require modification.
Access schedule – ability to change the access group based on certain criteria.
Version control – management of changes to documents, and other collections of information linked to business process/workflow.
Classification & labelling – process of assigning document(s) to one or more classifications or labelling categories for sensitive information, as per NSW Government classification and labelling requirements.
Office tools integration – interoperability of the digital document with the organisations office productivity tools.
Document Management Solutions Standard
12
Custom metadata classification – ability to modify the class or category of data that has been assigned to a digital document in order to provide information about the document for the purpose of identification.
Content searching – use of search technology to find or extract a document based on its digital content (as opposed to the meta-data).
Retrieval via metadata search – use of search technology to find or extract a document based on its metadata.
Web & mobile based access – obtain or retrieve a digital document via the web or a mobile device.
Offline synchronisation – work on documents whilst not directly connected to the DM repository and update documents automatically when connected.
LDAP authentication & authorisation – use of agency Lightweight Directory Access Protocol (LDAP) solution to authenticate a user and provide authorisation to access documents.
Roles based authorisation – granting document access based on a user’s login credentials.
CMIS integration (Content Management Interoperability Services) – share and access documents across multiple content management systems.
Document control (lifecycle) – mechanism to manage and classify the various stages of a document as it changes from version to version.
Enterprise search – discovery and output technology to search for document content regardless of where it exists for example collaboration repositories, email solutions, network shares, intranets, extranets, websites, databases, social media etc. Consider whether an option is required to provide a link to all documents which a person in a specific role has accessed, so that if a new person comes into the role they can quickly identify and access those same documents – enhancing business continuity.
File plan management – define the method for classifying records and document classifications.
Retention policy management – define the method for document retention periods.
Automated dispositions – automated destruction/permanent retention of record(s) or document(s), based on the file plan. This should also address scenarios where exceptions arise because specific documents need to be retained beyond minimum periods, e.g. through the use of prompts to check before documents are destroyed.
Tracking & documenting of record destruction.
Secure legal & audit holds – to preserve all forms of relevant information during an audit or when legal action is reasonably anticipated.
Formal/informal documents – ability to distinguish between documents that have been part of a formal work or approval process from “informal” documents.
3.4.3 Collaboration/Workflow
Solutions should be able to provide a level of collaboration/workflow for the management of documents/data. Should a solution not have collaboration/workflow capability, it should be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or through identifying appropriate third-party solutions/services. This section should be considered in conjunction with the ‘collaboration’ elements of the Messaging Collaboration and Unified Communications Standard.
Real time editing of documents – technology to enable Real Time Collaborative Editing (RTCE), allowing multiple users to edit the same document or file simultaneously (with merging, conflict prevention and resolution for protecting edits).
Document Management Solutions Standard
13
Security of documents & profiles – securing document(s) from unauthorised access and managing the rights to access documents via user accounts / profile based / role based controls inherited from the file plan.
Linear workflow processing – basic workflow process of moving document(s) in a sequential manner from user to user or queue to queue and ability to move the document forward or backwards in the process by accepting or rejecting changes; document versions should be linked to workflow steps, e.g. it can be viewed as it was submitted to a committee, then viewed as it was edited after taking in committee input etc.
Internal & external sharing of files – ability to access, upload or download documents across corporate and public networks.
Instant messaging integration – real time communication service over the Internet allowing collaboration on a document (beyond and/or in additional to services provided within a collaboration tool).
Notification on document updates – electronically alerts/notification to users of event triggers for example document updates etc.
Planning & scheduling management of workflow – for example manage workload across users or when user needs to complete a specific piece of work.
Parallel workflow processing – ability to run two or more workflows concurrently when they split onto separate paths and manage process if they re-join.
Workflow task & case management – manage tasks or actions involving document workflows. Encapsulates metadata relating to a case where document is a sub component.
Rules integration – ability to dynamically specify, modify, or control rules associated with workflow process.
3.4.4 Service Management
Self-service administration
The ability to automatically provision and de-provision for all agency resources within the system, together with other appropriate administration and management tasks that can be delegated from the service provider that do not impinge on the solution being provided to other customers.
Full-service administration
All provisioning, de-provisioning, together with all other administration and management tasks required to operate the environment, are provided as part of the service offering. The only exception will be service management of the provider which remains the sole responsibility of the initiating agency.
Cloud compliant hosting facility
All relevant cloud services for the solution are to be provisioned from a compliant hosting facility. Compliant hosting is defined as having the following attributes and/or capabilities:
The location of the hosting facility must be identified either by name and/or location (city and country) in any response
The hosting location cannot be changed without first informing the agency concerned
The service provider undertakes, maintains and provides access to SSAE 16 Service Organization Control (SOC) Type II reports (or equivalent) for the services and facilities in scope for the engagement
The hosting facility must comply with minimum Tier 3, as defined by the Uptime Institute, ANSI TIA-942, or an equivalent industry standard.
Document Management Solutions Standard
14
The hosting facility must be certified against ISO 27001; compliance with the following international standards is desirable:
o ISO 9001
o ISO 27002
o ISO 20000-1:2011
o ISO 14001
Other desirable certifications may include, but are not limited to:
o PCI-DSS v3.0 or later
o Australian Signals Directorate
o ASIO-T4
o Uptime Institute
o CSA
Also consider contractual obligations relating to the service provider allowing security assessments and treatment of outcomes as agreed with the client.
If the hosting facilities changes to a location that is deemed unacceptable either to NSW Government or to the agency and/or loses attributes and/or capabilities identified above, the agency may need to consider termination of services.
NSW Government Data Centre
All relevant services for the solution to be provisioned from one or both NSW Government Data Centre (GovDC). Depending on the service offering and agency requirements, it may be possible to ‘burst’ some elements of services to other location(s) subject to agreement with the commissioning agency.
Burst data centres must be deemed ‘compliant’. If the ‘burst’ data centre facilities change to a location that is deemed unacceptable either to NSW Government or to the agency, the agency may need to re-examine the ‘burst’ service or the full service.
Onshore/offshore management
All solution providers must be able to articulate where their services will be provided from, including any remote support services. For example, with a ‘follow the sun’ support model, the locations of each of their support sites around the globe need to be identified. Any changes to these need to be communicated to the customer agency promptly; depending on the terms of the arrangement, this may give the agency the right to cancel the service with appropriate notification.
Non-proprietary & open standards compatible
All data and associated material generated, captured, stored or otherwise in a compliant solution must conform with open standards principles to the extent possible such that data and metadata can be ported to another solution with minimum cost and effort should the need occur. Providers need to demonstrate compliance with this element.
Audit logging
All elements of DM solutions should have the ability to log events to an auditing facility containing as a minimum name of person (user ID) making a change together with the changes being made.
Compliance with NSW Government legislation (relating to document and/or records management)
All solutions relating to DM must be compliant with existing NSW Government legislation relating to document and/or records management. Further should this legislation change to remain an endorsed solution, the solution must reflect these changes within a reasonable timeframe.
Document Management Solutions Standard
15
Service level management
Agencies will retain ultimate responsibility for service level management in any solutions engagement, which would ordinarily be covered by a SLA. Agencies, service-brokers and solution providers need to agree all SLA reporting and other related activities as part of any transition-in process.
Multi-service broker provision
Any solution provider must work within the confines of a multi-service provider environment where either the agency or nominated provider will perform broker service provision. This will be defined as one provider being made accountable for the provision of all associated services, whether these are provided by the provider itself, or other third-party providers.
Document Management Solutions Standard
16
DOCUMENT CONTROL
Document history
Status: Final
Version: 1.0
Approved by: Procurement & Technical Standards Working Group
Approved on: 4 June 2015
Issued by: ICT Services
Contact: ICT Services, Service Innovation and Strategy Division, Office of Finance and Services
Email: [email protected]
Telephone: (02) 9372 7445
Review
This standard will be reviewed in 12 months. It may be reviewed earlier in response to post-implementation feedback from agencies.
Document Management Solutions Standard
17
APPENDIX A – DEFINITIONS
Information lifecycle elements
Use Case / Scenario Description
Acquisition/Capture
The initial information gathering and capture phase of the DM lifecycle. This needs to cover aspects of the solution that are involved with the initial capture of information, and encourage citizen engagement.
Document Management The set of services or technology for managing the document after it is captured and throughout its lifecycle.
Collaboration/Workflow
The set of services or technology for enabling collaboration on documents and the business processes associated with the documents. This area needs to be considered in relation to the Messaging, Collaboration and Unified Communications Standard.
Service Management Details elements of managing the service itself, includes full or self-service, NSW Government Data Centre, and onshore/offshore management.
Worker types
Use Case / Scenario Description
Office-based Worker
This worker type combines two worker types used in NSW Government standards, namely Task Worker and Knowledge (Office) Worker. Task Worker: Fixed location based worker. Performs a limited set of tasks. A task worker is a person that performs a specific (IT) task all day. Categories include: call centre agents, data capturing clerks and the like. In fact anyone who spends their day primarily using one application to perform their daily work is defined as a task worker. Knowledge (Office) Worker: Primarily fixed location based worker (however some mobility may be required). Performs a variety of high intensity tasks using information from various sources. Works at any of the tasks of planning, acquiring, searching, analysing, organising, storing, programming, distributing, marketing information, and those who work using the knowledge so produced.
Mobile Worker
This worker type combines two worker types used in NSW Government standards, namely Knowledge (Mobile) Worker and Field (Mobile) Worker. Knowledge (Mobile) Worker: Various locations, often at short notice and always connected. Performs a variety of high-intensity tasks, using information from various sources. Field (Mobile) Worker: Mostly in the field, rarely in the office and always connected. Performs a variety of tasks. Return to an office occasionally. This segment contains traditional field-based workers such as insurance adjusters, real estate agents, roofing contractors/agents, and sales representatives. The amount of time these individuals spend in the field varies, and often does not directly correspond to the amount of time they spend working remotely.
Public A member of the public who is associated with the document that is managed by an agency.
Document Management Solutions Standard
18
APPENDIX B – ABBREVIATIONS
AIIA Australian Information Industry Association
ASD Australian Security Directorate
ASIO Australian Secret Intelligence Organisation
CMIS Content Management Interoperability Services
CSA Canadian Standards Association
DM Document Management
GovDC Government Data Centre
ICT Information & Communication Technology
ISO International Organization for Standardization
IT Information Technology
LDAP Lightweight Directory Access Protocol
OCR Optical Character Recognition
PTS Procurement & Technical Standards
RTCE Real Time Collaborative Editing
SLA Service Level Agreement
Document Management Solutions Standard
19
APPENDIX C – REFERENCES Agencies should have regard to the following statutes, NSW Government policies and standards:
AS ISO 15489 – Australian Standard on Records Management
AS/NZS ISO 31000 Risk management – Principles and guidelines
Copyright Act 1968
DFS C2013-8 Data Centre Reform Strategy
Electronic Transactions Act 2000
Government Information (Public Access) Act 2009
Health Records and Information Privacy Act 2002
Information Management: A Common Approach
IPC Privacy Guidance
M2012-15 Digital Information Security Policy
NSW Government Open Data Policy
NSW Government Cloud Services Policy and Guidelines
NSW Government Enterprise Architecture Strategy
NSW Government ICT Strategy
NSW Government Digital Information Security Policy
NSW Government Information Classification and Labelling Guidelines
Privacy and Personal Information Protection Act 1998
Public Finance and Audit Act 1983
Public Interest Disclosures Act 1994
State Records Act 1998
State Records Standard on Records Management
TPP 09-05 - Internal Audit and Risk Management Policy for the NSW Public Sector
Document Management Solutions Standard
20
APPENDIX D – STANDARDS
Developing technical standards
Development of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and experts groups, including the Australian Information Industry Association (AIIA).
The following diagram outlines the process.
The ICT Procurement and Technical Standards Working Group (PTS Working Group) is chaired by the Office of Finance and Services and includes senior representation from across NSW Government. Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements. The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services and Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.
Management and implementation
There is scope to modify standards through the NSW Government ICT governance arrangements as necessary. Standards are designed to add value, augment and be complementary to, other guidance, and they are continually improved and updated.
This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.
NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue.
Need for new or amended standard
identified
Standard developed (Industry/agencies
consulted)
Standard approved and released by PTS
Working Group
Market engagement for services which meet the standard
Services added to Catalogue
Business requirements change