NSW Government

Document Management Solutions

Standard

v1.0

June 2015

ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au

Document Management Solutions Standard

2

CONTENTS

1. CONTEXT 3

1.1. Background 3

1.2. Purpose 3

1.3. Scope and application 3

1.4. Policy context 3

1.5. The ICT Services Catalogue 4

2. KEY PRINCIPLES 4

3. REQUIREMENTS 5

3.1. Information lifecycle 5

3.2. Service level and complexity 6

3.3. Requirements tables 6

3.3.1 Silver (standard) – Use Cases / Scenarios 7

3.3.2 Gold (complex) – Use Cases / Scenarios 9

3.4. Elements of DM standard 11

3.4.1 Acquisition/Capture 11

3.4.2 Document Management 11

3.4.3 Collaboration/Workflow 12

3.4.4 Service Management 13

DOCUMENT CONTROL 16

APPENDIX A – DEFINITIONS 17

Information lifecycle elements 17

Worker types 17

APPENDIX B – ABBREVIATIONS 18

APPENDIX C – REFERENCES 19

APPENDIX D – STANDARDS 20

Developing technical standards 20

Management and implementation 20

Document Management Solutions Standard

3

1. CONTEXT

1.1. Background

This is a technical standard developed through the NSW ICT Procurement and Technical Standards Working Group. The standard contains technical and functional requirements that agencies should consider when procuring ICT services for document management (DM) solutions.

By defining the necessary and common elements across agencies the standard provides an opportunity to leverage the buying power of Government as a whole, improve procurement efficiency and increase interoperability.

1.2. Purpose

The purpose of this standard is to assist NSW Government agencies to evaluate the functionality of DM solutions and tools, as well as take full advantage of their benefits. This standard also helps agencies procure in a strategic manner that reflects the NSW Government’s priorities as outlined in the NSW Government ICT Strategy. This standard sets out the minimum technical requirements for the provision of DM solutions to NSW Government.

This standard details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.

1.3. Scope and application

This standard applies to all NSW Government departments, statutory bodies and shared service providers, in the procurement of DM solutions. It does not apply to state owned corporations, but is recommended for their adoption.

For the purposes of this standard, ‘DM solution’ describes all elements of a system for providing DM for an organisation.

This standard sets out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW ICT Services Catalogue. Agencies should consider any specific operational or regulatory factors that impact their requirements, and specific requirements they have in addition to those detailed in this standard.

1.4. Policy context

The NSW Government ICT Strategy and Implementation Update 2013-14 set out the Government’s plan to: build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime; and to derive increased value from the Government’s annual investment in ICT.

Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, driven by the ICT Procurement and Technical Standards Working Group. These standards leverage principles defined in the NSW Government ICT Strategy and the NSW Government Cloud Services Policy and Guidelines, and they support the ICT Services Catalogue.

The standards set out service definitions as minimum requirements that vendors must meet to be able to offer their services through the ICT Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies in

Document Management Solutions Standard

4

line with the NSW Government ICT Strategy, and it signals government procurement priorities to industry.

This standard should be applied along with existing standards, policies and guidance that make up the NSW Information Management Framework, as set out in the Information Management: A Common Approach, and including the NSW Digital Information Security Policy. In addition, solutions should assist agencies in their alignment with the NSW Government Enterprise Architecture Strategy.

NSW Government agencies must carefully consider their obligations to manage government data and information. Contract arrangements and business processes should address requirements for data security, privacy, access, storage, management, retention and disposal. ICT systems and services should support data exchange, portability and interoperability.

More information on the process for the development of standards that populate the ICT Services Catalogue is at Appendix D – Standards.

1.5. The ICT Services Catalogue

This catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once against the standards. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.

Implementing this category management approach will embed common approaches, technologies and systems to maintain currency, improve interoperability, and provide better value ICT investment across NSW Government.

2. KEY PRINCIPLES

This standard is based on the following principles:

End-to-end digital: DM solutions should facilitate end-to-end digital management, without the need to move in and out of hardcopy format through the process.

Customer-centricity: DM solutions should provide a positive end-user experience, designed around the needs of the user and the “journey” from document capture and indexing, through search, retrieval, editing and dissemination, to archiving or disposal. DM solutions should support the ability to form a single view of the customer, presenting all relevant documents together where appropriate. They should facilitate public engagement where they are used for data collection from members of the public, accounting for privacy and security requirements. Streamlined authentication mechanisms (using trusted identity providers) can help maintain a customer-centric focus.

Eliminating duplication: DM solutions, and associated workflow processes, should minimise the need to enter (or re-enter) data and information. Manual information entry also creates the potential for errors in datasets.

Facilitating as a service: DM solutions should be available as a service. Vendors should facilitate agency transitioning from on-premise software to solutions provided as service.

Performance and latency: DM solutions should be designed to optimise performance and minimise latency across all functions to encourage concurrent use and collaboration across different geographic locations.

Document Management Solutions Standard

5

Business process integration: DM solutions should be capable of integration and interoperability with other systems to enable seamless business processes. Document storage, editing and retrieval should be built into business processes, to ensure that any DM system used creates minimal (or preferably no) impact on staff. It should be more efficient for staff to use the DM solution than to not use it.

Interoperability: DM solutions must meet industry recognised standards for metadata and interoperability to support sharing, security and business process integration, across the whole information lifecycle as set out in 3.1.

Accountability: DM solutions must support the creation, population and export of audit metadata, workflows, permissions and any other metadata needed to evidence the authenticity, reliability, integrity and useability of documents.

Mobile and flexible: DM solutions should support mobility and flexible work practices, be accessible online or offline, and be device independent. They should also be able to integrate new technologies as required.

Vendor / operating environment agnostic: DM solutions should be vendor and operating system agnostic. Users should be able to capture, access and edit documents in a range of environments. The solution should also support import from, or export to, solutions in other environments.

DM solutions should also apply NSW data and information management principles, as outlined in Information Management: A Common Approach. Data and information should be compliant, governed, collected once, fit for purpose, defined, optimised, organised, secured, used, shared, maintained and available.

3. REQUIREMENTS

3.1. Information lifecycle

The following elements should be considered when assessing a DM solution:

1. Acquisition/capture 2. Document management 3. Collaboration/workflow 4. Service management

These elements are drawn from a typical information lifecycle, which includes capture, distribute, use, maintain and dispose of data, as set out in the NSW Information Management Framework – Information Management: A Common Approach. DM solutions must also comply with IPC privacy guidance, NSW State Records requirements – including the Standard on Records Management, and the NSW Government Classification and Labelling Guidelines. Information management is the process of using technology to collect, organise, store, and provide information within a company or organisation with a goal of efficient and accountable management. DM is regarded as a subset of information management. The goal of information management is to enable organisations to control and administer information assets throughout their lifecycle. A ‘document’ is recorded information or an object that can be treated as a unit (AS ISO 15489 Part 1 Clause 3.10). It is ordinarily an item or collection of written, printed, or electronic matter with accompanying metadata that provides information. DMs should facilitate the management of document content and context (metadata about process and actions). This standard also applies to ‘records’, as defined by AS ISO 15489 (Part 1 Clause 3.15) and the State Records Act 1998 (NSW). See the State Records NSW Glossary for more detail on relevant definitions.

Document Management Solutions Standard

6

3.2. Service level and complexity

DM can be provided in a range of ways. For example, the supplier of the service may manage some of the service or environment during the course of the contract, or the supplier of the service may manage the entire service for course of the contract. The following requirements use case tables are separated into three service levels, bronze, silver and gold, reflecting the complexity of the DM solution required:

Bronze: Not defined at this time.

Silver: Standard DM solution or service.

Gold: Advanced/complex DM solution or service.

3.3. Requirements tables

The following tables set out the recommended business and technical requirements for NSW Government. They provide a consistent approach for all NSW Government agencies regardless of their size. Explanations for each element of the following use cases are provided at section 3.4.

Meeting the requirements of this standard

A service that meets all the requirements across both worker types and ‘public’ at Silver or Gold level, in relation to at least one of the above stages of the information lifecycle, meets this standard.

For example, if a service meets all of the requirements of the ‘Acquisition/capture’ lifecycle stage, at the Silver level, across both worker types and public, then that service is deemed compliant. Where this service is represented in the ICT Services Catalogue, the stage(s) for which it is compliant will be noted. See Appendices A and B for additional details on information lifecycle stages and worker types, as well as a list of abbreviations used in this standard. See the NSW Government Cloud Services Policy and Guidelines for as a service and cloud definitions.

Document Management Solutions Standard

7

3.3.1 Silver (standard) – Use Cases / Scenarios

‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.

Use Case / Scenario SILVER

Acquisition/Capture Document Management O

pti

cal C

har

acte

r R

eco

gnit

ion

Emai

l

Dig

ital

isat

ion

of

pap

er d

ocu

men

ts

Bu

lk im

po

rt

Dig

ital

wo

rkfl

ow t

o D

M

Elec

tro

nic

do

cum

ents

Elec

tro

nic

&/o

r m

anu

al m

etad

ata

cap

ture

Secu

re d

ocu

men

t

Acc

ess

sch

edu

le

Ver

sio

n co

ntr

ol

Cla

ssif

icat

ion

& la

belli

ng

Off

ice

too

ls in

tegr

atio

n

Cu

sto

m m

etad

ata

clas

sifi

cati

on

Co

nte

nt

sear

chin

g

Ret

riev

al v

ia m

etad

ata

sear

ch

Web

& m

ob

ile b

ased

acc

ess

Off

line

syn

chro

nis

atio

n

LDA

P au

then

tica

tio

n &

au

thor

isat

ion

Ro

les

bas

ed a

uth

ori

sati

on

CM

IS in

tegr

atio

n

Do

cum

ent

con

tro

l

Ente

rpri

se s

earc

h

File

pla

n m

anag

emen

t

Ret

enti

on

pol

icy

man

agem

ent

Au

tom

ated

dis

po

siti

on

s

Trac

king

& d

ocum

enti

ng

of

reco

rd

des

tru

ctio

n

Secu

re le

gal &

aud

it h

old

s

Form

al/i

nfo

rmal

do

cum

ents

Office-based Worker

Mobile Worker

Public

Document Management Solutions Standard

8

Use Case / Scenario SILVER

Collaboration/Workflow Service Management

Rea

l tim

e ed

itin

g o

f d

ocu

men

ts

Secu

rity

of

doc

umen

ts &

p

rofi

les

Lin

ear

wo

rkfl

ow

pro

cess

ing

Inte

rnal

& e

xter

nal

sh

arin

g o

f fi

les

Inst

ant

mes

sagi

ng

inte

grat

ion

No

tifi

cati

on

on

do

cum

ent

upd

ates

Pla

nni

ng

& s

ched

ulin

g m

anag

emen

t o

f w

ork

flo

w

Par

alle

l wor

kflo

w

pro

cess

ing

Wo

rkfl

ow

tas

k &

cas

e m

anag

emen

t

Ru

les

inte

grat

ion

Self

-ser

vice

ad

min

istr

atio

n

Full-

serv

ice

adm

inis

trat

ion

Clo

ud

co

mpl

ian

t h

ost

ing

faci

lity

NSW

Go

vern

men

t D

ata

Cen

tre

On

sho

re/o

ffsh

ore

m

anag

emen

t

No

n-p

ropr

ieta

ry &

op

en

stan

dar

ds

com

pat

ible

Au

dit

logg

ing

Co

mp

lian

ce w

ith

NSW

Go

vern

men

t le

gisl

atio

n

Serv

ice

leve

l m

anag

emen

t

Mu

lti-

serv

ice

bro

ker

pro

visi

on

Office-based Worker

Mobile Worker

Public

Document Management Solutions Standard

9

3.3.2 Gold (complex) – Use Cases / Scenarios

‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.

Use Case / Scenario GOLD

Acquisition/Capture Document Management

Op

tica

l Ch

arac

ter

Rec

ogn

itio

n

Emai

l

Dig

ital

isat

ion

of

pap

er d

ocu

men

ts

Bu

lk im

po

rt

Dig

ital

wo

rkfl

ow t

o D

M

Elec

tro

nic

do

cum

ents

Elec

tro

nic

&/o

r m

anu

al m

etad

ata

cap

ture

Secu

re d

ocu

men

t

Acc

ess

sch

edu

le

Ver

sio

n co

ntr

ol

Cla

ssif

icat

ion

an

d la

bel

ling

Off

ice

too

l in

tegr

atio

n

Cu

sto

m m

etad

ata

clas

sifi

cati

on

Co

nte

nt

sear

chin

g

Ret

riev

al v

ia m

etad

ata

sear

ch

Web

& m

ob

ile b

ased

acc

ess

Off

line

syn

chro

nis

atio

n

LDA

P a

uth

enti

cati

on

and

au

tho

risa

tio

n

Ro

les

bas

ed a

uth

ori

sati

on

CM

IS in

tegr

atio

n

Do

cum

ent

con

tro

l

Ente

rpri

se s

earc

h

File

pla

n m

anag

emen

t

Ret

enti

on

pol

icy

man

agem

ent

Au

tom

ated

dis

po

siti

on

s

Trac

king

& d

ocum

enti

ng

of

reco

rd

des

tru

ctio

n

Secu

re le

gal a

nd

audi

t h

old

s

Form

al/i

nfo

rmal

do

cum

ents

Office-based Worker

Mobile Worker

Public

Document Management Solutions Standard

10

Use Case / Scenario GOLD

Collaboration/Workflow Service Management

Rea

l tim

e ed

itin

g o

f d

ocu

men

ts

Secu

rity

of

doc

umen

ts &

p

rofi

les

Lin

ear

wo

rkfl

ow

pro

cess

ing

Inte

rnal

& e

xter

nal

sh

arin

g o

f fi

les

Inst

ant

mes

sagi

ng

inte

grat

ion

No

tifi

cati

on

on

do

cum

ent

upd

ates

Pla

nni

ng

& s

ched

ulin

g m

anag

emen

t o

f w

ork

flo

w

Par

alle

l wor

kflo

w

pro

cess

ing

Wo

rkfl

ow

tas

k &

cas

e m

anag

emen

t

Ru

les

inte

grat

ion

Self

-ser

vice

ad

min

istr

atio

n

Full-

serv

ice

adm

inis

trat

ion

Clo

ud

co

mpl

ian

t h

ost

ing

faci

lity

NSW

Go

vern

men

t D

ata

Cen

tre

On

sho

re/o

ffsh

ore

m

anag

emen

t

No

n-p

ropr

ieta

ry &

op

en

stan

dar

ds

com

pat

ible

Au

dit

logg

ing

Co

mp

lian

ce w

ith

NSW

Go

vern

men

t le

gisl

atio

n

Serv

ice

leve

l m

anag

emen

t

Mu

lti-

serv

ice

bro

ker

pro

visi

on

Office-based Worker

Mobile Worker

Public

Document Management Solutions Standard

11

3.4. Elements of DM standard

3.4.1 Acquisition/Capture

Solutions should be able to capture documents/data (either manually or electronically) for storage and work-flowing (as appropriate) to an appropriate DM solution. Should a solution not have capture methods, it must be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or identifying appropriate third-party solutions/services.

Examples of document capture for the purposes of this standard include (but are not limited to):

Optical Character Recognition (OCR).

Email – with and without attachments.

Digitisation of paper documents – hardcopy documents digitised for storage.

Bulk import – allowing automated, efficient import or acquisition of documents.

Digital workflow to DM – digital workflow of documents either natively as part of the solution or as a connector to a third party workflow engine.

Electronic documents (most common formats) – either directly or from email, collaboration and/or other third party solutions or business systems.

Electronic &/or manual metadata capture – for manual a minimum requirement is the manual entry of identification material related to the document.

In addition to digitally capturing data, solutions should be able to provide audit logs (events tracking). Event information must be specific, meaningful and useful.

3.4.2 Document Management

Solutions should be able to manage documents/records throughout their life (including disposal and/or archiving) as required by the agency. Elements that should be delivered as a minimum are listed below. Any additional element(s) would be considered favourably and should be highlighted in any response to market engagements.

All solutions must be able to input/export content and defined metadata to a format that is industry standard to facilitate transfer between solutions should an agency need to change its solution.

Secure document – preventing unauthorised access and managing the rights to access the document. This includes automated security access control, based on the file plan. This should also address the situation where a person who is able to assign rights to access leaves an organisation, and the rights to access require modification.

Access schedule – ability to change the access group based on certain criteria.

Version control – management of changes to documents, and other collections of information linked to business process/workflow.

Classification & labelling – process of assigning document(s) to one or more classifications or labelling categories for sensitive information, as per NSW Government classification and labelling requirements.

Office tools integration – interoperability of the digital document with the organisations office productivity tools.

Document Management Solutions Standard

12

Custom metadata classification – ability to modify the class or category of data that has been assigned to a digital document in order to provide information about the document for the purpose of identification.

Content searching – use of search technology to find or extract a document based on its digital content (as opposed to the meta-data).

Retrieval via metadata search – use of search technology to find or extract a document based on its metadata.

Web & mobile based access – obtain or retrieve a digital document via the web or a mobile device.

Offline synchronisation – work on documents whilst not directly connected to the DM repository and update documents automatically when connected.

LDAP authentication & authorisation – use of agency Lightweight Directory Access Protocol (LDAP) solution to authenticate a user and provide authorisation to access documents.

Roles based authorisation – granting document access based on a user’s login credentials.

CMIS integration (Content Management Interoperability Services) – share and access documents across multiple content management systems.

Document control (lifecycle) – mechanism to manage and classify the various stages of a document as it changes from version to version.

Enterprise search – discovery and output technology to search for document content regardless of where it exists for example collaboration repositories, email solutions, network shares, intranets, extranets, websites, databases, social media etc. Consider whether an option is required to provide a link to all documents which a person in a specific role has accessed, so that if a new person comes into the role they can quickly identify and access those same documents – enhancing business continuity.

File plan management – define the method for classifying records and document classifications.

Retention policy management – define the method for document retention periods.

Automated dispositions – automated destruction/permanent retention of record(s) or document(s), based on the file plan. This should also address scenarios where exceptions arise because specific documents need to be retained beyond minimum periods, e.g. through the use of prompts to check before documents are destroyed.

Tracking & documenting of record destruction.

Secure legal & audit holds – to preserve all forms of relevant information during an audit or when legal action is reasonably anticipated.

Formal/informal documents – ability to distinguish between documents that have been part of a formal work or approval process from “informal” documents.

3.4.3 Collaboration/Workflow

Solutions should be able to provide a level of collaboration/workflow for the management of documents/data. Should a solution not have collaboration/workflow capability, it should be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or through identifying appropriate third-party solutions/services. This section should be considered in conjunction with the ‘collaboration’ elements of the Messaging Collaboration and Unified Communications Standard.

Real time editing of documents – technology to enable Real Time Collaborative Editing (RTCE), allowing multiple users to edit the same document or file simultaneously (with merging, conflict prevention and resolution for protecting edits).

Document Management Solutions Standard

13

Security of documents & profiles – securing document(s) from unauthorised access and managing the rights to access documents via user accounts / profile based / role based controls inherited from the file plan.

Linear workflow processing – basic workflow process of moving document(s) in a sequential manner from user to user or queue to queue and ability to move the document forward or backwards in the process by accepting or rejecting changes; document versions should be linked to workflow steps, e.g. it can be viewed as it was submitted to a committee, then viewed as it was edited after taking in committee input etc.

Internal & external sharing of files – ability to access, upload or download documents across corporate and public networks.

Instant messaging integration – real time communication service over the Internet allowing collaboration on a document (beyond and/or in additional to services provided within a collaboration tool).

Notification on document updates – electronically alerts/notification to users of event triggers for example document updates etc.

Planning & scheduling management of workflow – for example manage workload across users or when user needs to complete a specific piece of work.

Parallel workflow processing – ability to run two or more workflows concurrently when they split onto separate paths and manage process if they re-join.

Workflow task & case management – manage tasks or actions involving document workflows. Encapsulates metadata relating to a case where document is a sub component.

Rules integration – ability to dynamically specify, modify, or control rules associated with workflow process.

3.4.4 Service Management

Self-service administration

The ability to automatically provision and de-provision for all agency resources within the system, together with other appropriate administration and management tasks that can be delegated from the service provider that do not impinge on the solution being provided to other customers.

Full-service administration

All provisioning, de-provisioning, together with all other administration and management tasks required to operate the environment, are provided as part of the service offering. The only exception will be service management of the provider which remains the sole responsibility of the initiating agency.

Cloud compliant hosting facility

All relevant cloud services for the solution are to be provisioned from a compliant hosting facility. Compliant hosting is defined as having the following attributes and/or capabilities:

The location of the hosting facility must be identified either by name and/or location (city and country) in any response

The hosting location cannot be changed without first informing the agency concerned

The service provider undertakes, maintains and provides access to SSAE 16 Service Organization Control (SOC) Type II reports (or equivalent) for the services and facilities in scope for the engagement

The hosting facility must comply with minimum Tier 3, as defined by the Uptime Institute, ANSI TIA-942, or an equivalent industry standard.

Document Management Solutions Standard

14

The hosting facility must be certified against ISO 27001; compliance with the following international standards is desirable:

o ISO 9001

o ISO 27002

o ISO 20000-1:2011

o ISO 14001

Other desirable certifications may include, but are not limited to:

o PCI-DSS v3.0 or later

o Australian Signals Directorate

o ASIO-T4

o Uptime Institute

o CSA

Also consider contractual obligations relating to the service provider allowing security assessments and treatment of outcomes as agreed with the client.

If the hosting facilities changes to a location that is deemed unacceptable either to NSW Government or to the agency and/or loses attributes and/or capabilities identified above, the agency may need to consider termination of services.

NSW Government Data Centre

All relevant services for the solution to be provisioned from one or both NSW Government Data Centre (GovDC). Depending on the service offering and agency requirements, it may be possible to ‘burst’ some elements of services to other location(s) subject to agreement with the commissioning agency.

Burst data centres must be deemed ‘compliant’. If the ‘burst’ data centre facilities change to a location that is deemed unacceptable either to NSW Government or to the agency, the agency may need to re-examine the ‘burst’ service or the full service.

Onshore/offshore management

All solution providers must be able to articulate where their services will be provided from, including any remote support services. For example, with a ‘follow the sun’ support model, the locations of each of their support sites around the globe need to be identified. Any changes to these need to be communicated to the customer agency promptly; depending on the terms of the arrangement, this may give the agency the right to cancel the service with appropriate notification.

Non-proprietary & open standards compatible

All data and associated material generated, captured, stored or otherwise in a compliant solution must conform with open standards principles to the extent possible such that data and metadata can be ported to another solution with minimum cost and effort should the need occur. Providers need to demonstrate compliance with this element.

Audit logging

All elements of DM solutions should have the ability to log events to an auditing facility containing as a minimum name of person (user ID) making a change together with the changes being made.

Compliance with NSW Government legislation (relating to document and/or records management)

All solutions relating to DM must be compliant with existing NSW Government legislation relating to document and/or records management. Further should this legislation change to remain an endorsed solution, the solution must reflect these changes within a reasonable timeframe.

Document Management Solutions Standard

15

Service level management

Agencies will retain ultimate responsibility for service level management in any solutions engagement, which would ordinarily be covered by a SLA. Agencies, service-brokers and solution providers need to agree all SLA reporting and other related activities as part of any transition-in process.

Multi-service broker provision

Any solution provider must work within the confines of a multi-service provider environment where either the agency or nominated provider will perform broker service provision. This will be defined as one provider being made accountable for the provision of all associated services, whether these are provided by the provider itself, or other third-party providers.

Document Management Solutions Standard

16

DOCUMENT CONTROL

Document history

Status: Final

Version: 1.0

Approved by: Procurement & Technical Standards Working Group

Approved on: 4 June 2015

Issued by: ICT Services

Contact: ICT Services, Service Innovation and Strategy Division, Office of Finance and Services

Email: standards@finance.nsw.gov.au

Telephone: (02) 9372 7445

Review

This standard will be reviewed in 12 months. It may be reviewed earlier in response to post-implementation feedback from agencies.

Document Management Solutions Standard

17

APPENDIX A – DEFINITIONS

Information lifecycle elements

Use Case / Scenario Description

Acquisition/Capture

The initial information gathering and capture phase of the DM lifecycle. This needs to cover aspects of the solution that are involved with the initial capture of information, and encourage citizen engagement.

Document Management The set of services or technology for managing the document after it is captured and throughout its lifecycle.

Collaboration/Workflow

The set of services or technology for enabling collaboration on documents and the business processes associated with the documents. This area needs to be considered in relation to the Messaging, Collaboration and Unified Communications Standard.

Service Management Details elements of managing the service itself, includes full or self-service, NSW Government Data Centre, and onshore/offshore management.

Worker types

Use Case / Scenario Description

Office-based Worker

This worker type combines two worker types used in NSW Government standards, namely Task Worker and Knowledge (Office) Worker. Task Worker: Fixed location based worker. Performs a limited set of tasks. A task worker is a person that performs a specific (IT) task all day. Categories include: call centre agents, data capturing clerks and the like. In fact anyone who spends their day primarily using one application to perform their daily work is defined as a task worker. Knowledge (Office) Worker: Primarily fixed location based worker (however some mobility may be required). Performs a variety of high intensity tasks using information from various sources. Works at any of the tasks of planning, acquiring, searching, analysing, organising, storing, programming, distributing, marketing information, and those who work using the knowledge so produced.

Mobile Worker

This worker type combines two worker types used in NSW Government standards, namely Knowledge (Mobile) Worker and Field (Mobile) Worker. Knowledge (Mobile) Worker: Various locations, often at short notice and always connected. Performs a variety of high-intensity tasks, using information from various sources. Field (Mobile) Worker: Mostly in the field, rarely in the office and always connected. Performs a variety of tasks. Return to an office occasionally. This segment contains traditional field-based workers such as insurance adjusters, real estate agents, roofing contractors/agents, and sales representatives. The amount of time these individuals spend in the field varies, and often does not directly correspond to the amount of time they spend working remotely.

Public A member of the public who is associated with the document that is managed by an agency.

Document Management Solutions Standard

18

APPENDIX B – ABBREVIATIONS

AIIA Australian Information Industry Association

ASD Australian Security Directorate

ASIO Australian Secret Intelligence Organisation

CMIS Content Management Interoperability Services

CSA Canadian Standards Association

DM Document Management

GovDC Government Data Centre

ICT Information & Communication Technology

ISO International Organization for Standardization

IT Information Technology

LDAP Lightweight Directory Access Protocol

OCR Optical Character Recognition

PTS Procurement & Technical Standards

RTCE Real Time Collaborative Editing

SLA Service Level Agreement

Document Management Solutions Standard

19

APPENDIX C – REFERENCES Agencies should have regard to the following statutes, NSW Government policies and standards:

AS ISO 15489 – Australian Standard on Records Management

AS/NZS ISO 31000 Risk management – Principles and guidelines

Copyright Act 1968

DFS C2013-8 Data Centre Reform Strategy

Electronic Transactions Act 2000

Government Information (Public Access) Act 2009

Health Records and Information Privacy Act 2002

Information Management: A Common Approach

IPC Privacy Guidance

M2012-15 Digital Information Security Policy

NSW Government Open Data Policy

NSW Government Cloud Services Policy and Guidelines

NSW Government Enterprise Architecture Strategy

NSW Government ICT Strategy

NSW Government Digital Information Security Policy

NSW Government Information Classification and Labelling Guidelines

Privacy and Personal Information Protection Act 1998

Public Finance and Audit Act 1983

Public Interest Disclosures Act 1994

State Records Act 1998

State Records Standard on Records Management

TPP 09-05 - Internal Audit and Risk Management Policy for the NSW Public Sector

Document Management Solutions Standard

20

APPENDIX D – STANDARDS

Developing technical standards

Development of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and experts groups, including the Australian Information Industry Association (AIIA).

The following diagram outlines the process.

The ICT Procurement and Technical Standards Working Group (PTS Working Group) is chaired by the Office of Finance and Services and includes senior representation from across NSW Government. Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements. The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services and Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.

Management and implementation

There is scope to modify standards through the NSW Government ICT governance arrangements as necessary. Standards are designed to add value, augment and be complementary to, other guidance, and they are continually improved and updated.

This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.

NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue.

Need for new or amended standard

identified

Standard developed (Industry/agencies

consulted)

Standard approved and released by PTS

Working Group

Market engagement for services which meet the standard

Services added to Catalogue

Business requirements change