Information asset custodianship policy (IS44)

Purpose

This Queensland Government Enterprise Architecture (QGEA) policy states a consistent approach to the way that custodianship is applied to all Queensland Government information assets.

Policy statement

The Queensland Government will identify its information assets and assign appropriate custodianship roles and responsibilities to ensure these assets are managed throughout their lifecycle.

Policy benefits

The Queensland Government has responsibility for its information assets. Identification of departmental information assets promotes understanding of the departments information holdings, and ensures the visibility of important government information resources.

Assigning roles and responsibilities to information assets (such as custodians) formalises asset management processes and highlights an individual assets relevance to departmental services.

Management of information assets as part of a lifecycle ensures that information is relevant to its consumers and is renewed or retired at the appropriate time. This approach significantly mitigates the risk of incorrect or out of date information being inadvertently provided to consumers.

Applicability

This policy applies to all Queensland Government departments (as defined by the Public Sector Act 2022). Accountable officers (not already in scope of the Public Sector Act 2022) and statutory bodies under the Financial and Performance Management Standard 2019 must have regard to this policy in the context of internal controls, financial information management systems and risk management. Please see the Applicability of the QGEA for further information.

Policy requirements

Policy requirement 1: Departments must identify and register their information assets

Identification of departmental information assets, and the assignment of custodians to each of those assets, ensures that custodians have a clear understanding of the information assets under their care. To support information asset custodianship processes, departments through its custodians must, at a minimum:

• identify the departments information assets
• ensure an information asset register is established and maintained
• assign role/s for the management of the departments information asset register.

Policy requirement 2: Departments must assign roles and responsibilities to information assets through a custodianship policy

The development of an information asset custodianship policy provides the foundation for implementing custodianship processes. At a minimum, departments must:

• develop and implement a departmental information asset custodianship policy which is consistent with government ICT directions, legislative and regulatory obligations and relevant standards
• assign information asset custodians for administration and management of information assets held in the care of the department
• provide training for assigned information asset custodians reflecting their roles and responsibilities.

Advice

Implementation advice and supporting documentation are available within the related documents.

Issue and review

Issue date: April 2016
Next review date: April 2018

This QGEA policy is published within the QGEA which is administered by the Queensland Government Customer and Digital Group. It was developed by the Queensland Government Chief Information Office and approved by the Queensland Government Chief Information Officer.

Implementation

This policy comes into effect from the issue date.