[policy name] · web viewldap authentication & authorisation – use of agency lightweight...
TRANSCRIPT
NSW Government
Document Management Solutions
Standard
v1.0
June 2015
ICT ServicesDepartment of Finance, Services & InnovationMcKell Building2-24 Rawson PlaceSYDNEY NSW [email protected]
Document Management Solutions Standard
CONTENTSJune 2015 1
1. CONTEXT 3
1.1. Background 3
1.2. Purpose 3
1.3. Scope and application 3
1.1. Policy context 3
1.2. The ICT Services Catalogue 4
2. KEY PRINCIPLES 4
3. REQUIREMENTS 5
3.1. Information lifecycle 5
3.2. Service level and complexity 6
3.3. Requirements tables 6
3.3.1 Silver (standard) – Use Cases / Scenarios 7
3.3.2 Gold (complex) – Use Cases / Scenarios 9
3.4. Elements of DM standard 11
3.4.1 Acquisition/Capture 11
3.4.2 Document Management 11
3.4.3 Collaboration/Workflow 12
3.4.4 Service Management 13
DOCUMENT CONTROL 16
APPENDIX A – DEFINITIONS 17
Information lifecycle elements 17
Worker types 17
APPENDIX B – ABBREVIATIONS 18
APPENDIX C – REFERENCES 19
APPENDIX D – STANDARDS 20
Developing technical standards 20
Management and implementation 20
Document Management Solutions Standard
1. CONTEXT
1.1. BackgroundThis is a technical standard developed through the NSW ICT Procurement and Technical Standards Working Group. The standard contains technical and functional requirements that agencies should consider when procuring ICT services for document management (DM) solutions.
By defining the necessary and common elements across agencies the standard provides an opportunity to leverage the buying power of Government as a whole, improve procurement efficiency and increase interoperability.
1.2. PurposeThe purpose of this standard is to assist NSW Government agencies to evaluate the functionality of DM solutions and tools, as well as take full advantage of their benefits. This standard also helps agencies procure in a strategic manner that reflects the NSW Government’s priorities as outlined in the NSW Government ICT Strategy. This standard sets out the minimum technical requirements for the provision of DM solutions to NSW Government.
This standard details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.
1.3. Scope and applicationThis standard applies to all NSW Government departments, statutory bodies and shared service providers, in the procurement of DM solutions. It does not apply to state owned corporations, but is recommended for their adoption.
For the purposes of this standard, ‘DM solution’ describes all elements of a system for providing DM for an organisation.
This standard sets out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW ICT Services Catalogue. Agencies should consider any specific operational or regulatory factors that impact their requirements, and specific requirements they have in addition to those detailed in this standard.
1.1. Policy contextThe NSW Government ICT Strategy and Digital+ 2015 Final Update set out the Government’s plan to: build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime; and to derive increased value from the Government’s annual investment in ICT.
Information sharing, open data and reuse of technology are priority initiatives of the ICT Strategy, to maximise the return on government investments, support better policy development and service delivery. The NSW Government ICT Investment Policy and Guidelines establishes these requirements for all new ICT projects, particular to make better use of the functionality in existing systems.
The NSW Government Enterprise Architecture (NSW GEA) provides direction and practical guidance to accelerate the development of agency EA capability and enabling a common, intra and inter agency approach to the design of digital government. It encompasses all aspects of
Document Management Solutions Standard
enterprise architecture activity at the business, information, application and technology infrastructure layers. The NSW GEA is mapping the landscape of Whole of Government systems available across the sector, highlighting opportunities for reuse and where APIs can add value.
NSW Government, along with many governments in other jurisdictions, has moved towards opening up previously protected databases and applications, so that data and functionality can be accessed across agency boundaries or reused in new systems. Within NSW this has been reflected in the development of the NSW Government Open Data Policy, which provides clear direction for agencies to make their data available to the public in machine readable forms, including through the availability of APIs.
Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, driven by the ICT Procurement and Technical Standards Working Group. These standards leverage principles defined in the NSW Government ICT Strategy and the NSW Government Cloud Policy, and they support the NSW ICT Services Catalogue.
The standards set out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies in line with the NSW Government ICT Strategy, and it signals government procurement priorities to industry.
This standard should be applied along with existing NSW Government policies and guidance, including the NSW Digital Information Security Policy. More information on the process for the development of standards that populate the ICT Services Catalogue is at Appendix D – Standards.
1.2. The ICT Services CatalogueThis catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once against the standards. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.
Implementing this category management approach will embed common approaches, technologies and systems to maintain currency, improve interoperability, and provide better value ICT investment across NSW Government.
2. KEY PRINCIPLESThis standard is based on the following principles:
End-to-end digital: DM solutions should facilitate end-to-end digital management, without the need to move in and out of hardcopy format through the process.
Customer-centricity: DM solutions should provide a positive end-user experience, designed around the needs of the user and the “journey” from document capture and indexing, through search, retrieval, editing and dissemination, to archiving or disposal. DM solutions should support the ability to form a single view of the customer, presenting all relevant documents together where appropriate. They should facilitate public engagement where they are used for data collection from members of the public, accounting for privacy and security requirements. Streamlined authentication mechanisms (using trusted identity providers) can help maintain a customer-centric focus.
Document Management Solutions Standard
Eliminating duplication: DM solutions, and associated workflow processes, should minimise the need to enter (or re-enter) data and information. Manual information entry also creates the potential for errors in datasets.
Facilitating as a service: DM solutions should be available as a service. Vendors should facilitate agency transitioning from on-premise software to solutions provided as service.
Performance and latency: DM solutions should be designed to optimise performance and minimise latency across all functions to encourage concurrent use and collaboration across different geographic locations.
Business process integration: DM solutions should be capable of integration and interoperability with other systems to enable seamless business processes. Document storage, editing and retrieval should be built into business processes, to ensure that any DM system used creates minimal (or preferably no) impact on staff. It should be more efficient for staff to use the DM solution than to not use it.
Interoperability: DM solutions must meet industry recognised standards for metadata and interoperability to support sharing, security and business process integration, across the whole information lifecycle as set out in 3.1.
Accountability: DM solutions must support the creation, population and export of audit metadata, workflows, permissions and any other metadata needed to evidence the authenticity, reliability, integrity and useability of documents.
Mobile and flexible: DM solutions should support mobility and flexible work practices, be accessible online or offline, and be device independent. They should also be able to integrate new technologies as required.
Vendor / operating environment agnostic: DM solutions should be vendor and operating system agnostic. Users should be able to capture, access and edit documents in a range of environments. The solution should also support import from, or export to, solutions in other environments.
DM solutions should also apply NSW data and information management principles, as outlined in Information Management: A Common Approach. Data and information should be compliant, governed, collected once, fit for purpose, defined, optimised, organised, secured, used, shared, maintained and available.
3. REQUIREMENTS
3.1. Information lifecycleThe following elements should be considered when assessing a DM solution:
1. Acquisition/capture2. Document management3. Collaboration/workflow4. Service management
These elements are drawn from a typical information lifecycle, which includes capture, distribute, use, maintain and dispose of data, as set out in the NSW Information Management Framework – Information Management: A Common Approach. DM solutions must also comply with IPC privacy guidance, NSW State Records requirements – including the Standard on Records Management, and the NSW Government Classification and Labelling Guidelines.
Information management is the process of using technology to collect, organise, store, and provide information within a company or organisation with a goal of efficient and accountable management.
Document Management Solutions Standard
DM is regarded as a subset of information management. The goal of information management is to enable organisations to control and administer information assets throughout their lifecycle.
A ‘document’ is recorded information or an object that can be treated as a unit (AS ISO 15489 Part 1 Clause 3.10). It is ordinarily an item or collection of written, printed, or electronic matter with accompanying metadata that provides information. DMs should facilitate the management of document content and context (metadata about process and actions).
This standard also applies to ‘records’, as defined by AS ISO 15489 (Part 1 Clause 3.15) and the State Records Act 1998 (NSW). See the State Records NSW Glossary for more detail on relevant definitions.
3.2. Service level and complexityDM can be provided in a range of ways. For example, the supplier of the service may manage some of the service or environment during the course of the contract, or the supplier of the service may manage the entire service for course of the contract.
The following requirements use case tables are separated into three service levels, bronze, silver and gold, reflecting the complexity of the DM solution required:
Bronze: Not defined at this time.
Silver: Standard DM solution or service.
Gold: Advanced/complex DM solution or service.
3.3. Requirements tablesThe following tables set out the recommended business and technical requirements for NSW Government. They provide a consistent approach for all NSW Government agencies regardless of their size. Explanations for each element of the following use cases are provided at section 3.4.
Meeting the requirements of this standard
A service that meets all the requirements across both worker types and ‘public’ at Silver or Gold level, in relation to at least one of the above stages of the information lifecycle, meets this standard.
For example, if a service meets all of the requirements of the ‘Acquisition/capture’ lifecycle stage, at the Silver level, across both worker types and public, then that service is deemed compliant. Where this service is represented in the ICT Services Catalogue, the stage(s) for which it is compliant will be noted.
See Appendices A and B for additional details on information lifecycle stages and worker types, as well as a list of abbreviations used in this standard. See the NSW Government Cloud Services Policy and Guidelines for as a service and cloud definitions.
Document Management Solutions Standard
3.3.1 Silver (standard) – Use Cases / Scenarios
‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.
Use Case / ScenarioSILVER
Acquisition/Capture Document ManagementO
ptica
l Cha
ract
er R
ecog
nitio
n
Emai
l
Digi
talis
ation
of p
aper
doc
umen
ts
Bulk
impo
rt
Digi
tal w
orkfl
ow to
DM
Elec
tron
ic d
ocum
ents
Elec
tron
ic &
/or m
anua
l met
adat
a ca
ptur
e
Secu
re d
ocum
ent
Acce
ss sc
hedu
le
Vers
ion
cont
rol
Clas
sifica
tion
& la
belli
ng
Offi
ce to
ols i
nteg
ratio
n
Cust
om m
etad
ata
clas
sifica
tion
Cont
ent s
earc
hing
Retr
ieva
l via
met
adat
a se
arch
Web
& m
obile
bas
ed a
cces
s
Offl
ine
sync
hron
isatio
n
LDAP
aut
henti
catio
n &
aut
horis
ation
Role
s bas
ed a
utho
risati
on
CMIS
inte
grati
on
Docu
men
t con
trol
Ente
rpris
e se
arch
File
pla
n m
anag
emen
t
Rete
ntion
pol
icy
man
agem
ent
Auto
mat
ed d
ispos
ition
s
Trac
king
& d
ocum
entin
g of
reco
rd
dest
ructi
on
Secu
re le
gal &
aud
it ho
lds
Form
al/in
form
al d
ocum
ents
Office-based Worker Mobile Worker Public
7
Document Management Solutions Standard
Use Case / ScenarioSILVER
Collaboration/Workflow Service Management
Real
tim
e ed
iting
of
docu
men
ts
Secu
rity
of d
ocum
ents
&
profi
les
Line
ar w
orkfl
ow
proc
essin
g
Inte
rnal
& e
xter
nal
shar
ing
of fi
les
Inst
ant m
essa
ging
in
tegr
ation
Noti
ficati
on o
n do
cum
ent u
pdat
es
Plan
ning
& sc
hedu
ling
man
agem
ent o
f w
orkfl
owPa
ralle
l wor
kflow
pr
oces
sing
Wor
kflow
task
& c
ase
man
agem
ent
Rule
s int
egra
tion
Self-
serv
ice
adm
inist
ratio
n
Full-
serv
ice
adm
inist
ratio
n
Clou
d co
mpl
iant
hos
ting
faci
lity
NSW
Gov
ernm
ent D
ata
Cent
re
Ons
hore
/offs
hore
m
anag
emen
t
Non
-pro
prie
tary
& o
pen
stan
dard
s com
patib
le
Audi
t log
ging
Com
plia
nce
with
NSW
Go
vern
men
t leg
islati
on
Serv
ice
leve
l m
anag
emen
t
Mul
ti-se
rvic
e br
oker
pr
ovisi
on
Office-based Worker Mobile Worker Public
8
Document Management Solutions Standard
3.3.2 Gold (complex) – Use Cases / Scenarios
‘Use cases’ for standard DM that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.
Use Case / ScenarioGOLD
Acquisition/Capture Document ManagementO
ptica
l Cha
ract
er R
ecog
nitio
n
Emai
l
Digi
talis
ation
of p
aper
doc
umen
ts
Bulk
impo
rt
Digi
tal w
orkfl
ow to
DM
Elec
tron
ic d
ocum
ents
Elec
tron
ic &
/or m
anua
l met
adat
a ca
ptur
eSe
cure
doc
umen
t
Acce
ss sc
hedu
le
Vers
ion
cont
rol
Clas
sifica
tion
and
labe
lling
Offi
ce to
ol in
tegr
ation
Cust
om m
etad
ata
clas
sifica
tion
Cont
ent s
earc
hing
Retr
ieva
l via
met
adat
a se
arch
Web
& m
obile
bas
ed a
cces
s
Offl
ine
sync
hron
isatio
n
LDAP
aut
henti
catio
n an
d au
thor
isatio
n
Role
s bas
ed a
utho
risati
on
CMIS
inte
grati
on
Docu
men
t con
trol
Ente
rpris
e se
arch
File
pla
n m
anag
emen
t
Rete
ntion
pol
icy
man
agem
ent
Auto
mat
ed d
ispos
ition
s
Trac
king
& d
ocum
entin
g of
reco
rd
dest
ructi
onSe
cure
lega
l and
aud
it ho
lds
Form
al/in
form
al d
ocum
ents
Office-based Worker Mobile Worker Public
9
Document Management Solutions Standard
Use Case / ScenarioGOLD
Collaboration/Workflow Service Management
Real
tim
e ed
iting
of
docu
men
ts
Secu
rity
of d
ocum
ents
&
profi
les
Line
ar w
orkfl
ow
proc
essin
g
Inte
rnal
& e
xter
nal
shar
ing
of fi
les
Inst
ant m
essa
ging
in
tegr
ation
Noti
ficati
on o
n do
cum
ent u
pdat
es
Plan
ning
& sc
hedu
ling
man
agem
ent o
f w
orkfl
owPa
ralle
l wor
kflow
pr
oces
sing
Wor
kflow
task
& c
ase
man
agem
ent
Rule
s int
egra
tion
Self-
serv
ice
adm
inist
ratio
n
Full-
serv
ice
adm
inist
ratio
n
Clou
d co
mpl
iant
hos
ting
faci
lity
NSW
Gov
ernm
ent D
ata
Cent
re
Ons
hore
/offs
hore
m
anag
emen
t
Non
-pro
prie
tary
& o
pen
stan
dard
s com
patib
le
Audi
t log
ging
Com
plia
nce
with
NSW
Go
vern
men
t leg
islati
on
Serv
ice
leve
l m
anag
emen
t
Mul
ti-se
rvic
e br
oker
pr
ovisi
on
Office-based Worker Mobile Worker Public
10
Document Management Solutions Standard
3.4. Elements of DM standard
3.4.1 Acquisition/Capture
Solutions should be able to capture documents/data (either manually or electronically) for storage and work-flowing (as appropriate) to an appropriate DM solution. Should a solution not have capture methods, it must be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or identifying appropriate third-party solutions/services.
Examples of document capture for the purposes of this standard include (but are not limited to):
Optical Character Recognition (OCR).
Email – with and without attachments.
Digitisation of paper documents – hardcopy documents digitised for storage.
Bulk import – allowing automated, efficient import or acquisition of documents.
Digital workflow to DM – digital workflow of documents either natively as part of the solution or as a connector to a third party workflow engine.
Electronic documents (most common formats) – either directly or from email, collaboration and/or other third party solutions or business systems.
Electronic &/or manual metadata capture – for manual a minimum requirement is the manual entry of identification material related to the document.
In addition to digitally capturing data, solutions should be able to provide audit logs (events tracking). Event information must be specific, meaningful and useful.
3.4.2 Document Management
Solutions should be able to manage documents/records throughout their life (including disposal and/or archiving) as required by the agency. Elements that should be delivered as a minimum are listed below. Any additional element(s) would be considered favourably and should be highlighted in any response to market engagements.
All solutions must be able to input/export content and defined metadata to a format that is industry standard to facilitate transfer between solutions should an agency need to change its solution.
Secure document – preventing unauthorised access and managing the rights to access the document. This includes automated security access control, based on the file plan. This should also address the situation where a person who is able to assign rights to access leaves an organisation, and the rights to access require modification.
Access schedule – ability to change the access group based on certain criteria.
Version control – management of changes to documents, and other collections of information linked to business process/workflow.
Classification & labelling – process of assigning document(s) to one or more classifications or labelling categories for sensitive information, as per NSW Government classification and labelling requirements.
Office tools integration – interoperability of the digital document with the organisations office productivity tools.
11
Document Management Solutions Standard
Custom metadata classification – ability to modify the class or category of data that has been assigned to a digital document in order to provide information about the document for the purpose of identification.
Content searching – use of search technology to find or extract a document based on its digital content (as opposed to the meta-data).
Retrieval via metadata search – use of search technology to find or extract a document based on its metadata.
Web & mobile based access – obtain or retrieve a digital document via the web or a mobile device.
Offline synchronisation – work on documents whilst not directly connected to the DM repository and update documents automatically when connected.
LDAP authentication & authorisation – use of agency Lightweight Directory Access Protocol (LDAP) solution to authenticate a user and provide authorisation to access documents.
Roles based authorisation – granting document access based on a user’s login credentials.
CMIS integration (Content Management Interoperability Services) – share and access documents across multiple content management systems.
Document control (lifecycle) – mechanism to manage and classify the various stages of a document as it changes from version to version.
Enterprise search – discovery and output technology to search for document content regardless of where it exists for example collaboration repositories, email solutions, network shares, intranets, extranets, websites, databases, social media etc. Consider whether an option is required to provide a link to all documents which a person in a specific role has accessed, so that if a new person comes into the role they can quickly identify and access those same documents – enhancing business continuity.
File plan management – define the method for classifying records and document classifications.
Retention policy management – define the method for document retention periods.
Automated dispositions – automated destruction/permanent retention of record(s) or document(s), based on the file plan. This should also address scenarios where exceptions arise because specific documents need to be retained beyond minimum periods, e.g. through the use of prompts to check before documents are destroyed.
Tracking & documenting of record destruction.
Secure legal & audit holds – to preserve all forms of relevant information during an audit or when legal action is reasonably anticipated.
Formal/informal documents – ability to distinguish between documents that have been part of a formal work or approval process from “informal” documents.
3.4.3 Collaboration/Workflow
Solutions should be able to provide a level of collaboration/workflow for the management of documents/data. Should a solution not have collaboration/workflow capability, it should be able to demonstrate as a minimum that it has the ability for this function to be added to it – through integration of a ‘bolt on’ element or through identifying appropriate third-party solutions/services. This section should be considered in conjunction with the ‘collaboration’ elements of the Messaging Collaboration and Unified Communications Standard.
Real time editing of documents – technology to enable Real Time Collaborative Editing (RTCE), allowing multiple users to edit the same document or file simultaneously (with merging, conflict prevention and resolution for protecting edits).
12
Document Management Solutions Standard
Security of documents & profiles – securing document(s) from unauthorised access and managing the rights to access documents via user accounts / profile based / role based controls inherited from the file plan.
Linear workflow processing – basic workflow process of moving document(s) in a sequential manner from user to user or queue to queue and ability to move the document forward or backwards in the process by accepting or rejecting changes; document versions should be linked to workflow steps, e.g. it can be viewed as it was submitted to a committee, then viewed as it was edited after taking in committee input etc.
Internal & external sharing of files – ability to access, upload or download documents across corporate and public networks.
Instant messaging integration – real time communication service over the Internet allowing collaboration on a document (beyond and/or in additional to services provided within a collaboration tool).
Notification on document updates – electronically alerts/notification to users of event triggers for example document updates etc.
Planning & scheduling management of workflow – for example manage workload across users or when user needs to complete a specific piece of work.
Parallel workflow processing – ability to run two or more workflows concurrently when they split onto separate paths and manage process if they re-join.
Workflow task & case management – manage tasks or actions involving document workflows. Encapsulates metadata relating to a case where document is a sub component.
Rules integration – ability to dynamically specify, modify, or control rules associated with workflow process.
3.4.4 Service Management
Self-service administration
The ability to automatically provision and de-provision for all agency resources within the system, together with other appropriate administration and management tasks that can be delegated from the service provider that do not impinge on the solution being provided to other customers.
Full-service administration
All provisioning, de-provisioning, together with all other administration and management tasks required to operate the environment, are provided as part of the service offering. The only exception will be service management of the provider which remains the sole responsibility of the initiating agency.
Cloud compliant hosting facility
All relevant cloud services for the solution are to be provisioned from a compliant hosting facility. Compliant hosting is defined as having the following attributes and/or capabilities:
The location of the hosting facility must be identified either by name and/or location (city and country) in any response
The hosting location cannot be changed without first informing the agency concerned
The service provider undertakes, maintains and provides access to SSAE 16 Service Organization Control (SOC) Type II reports (or equivalent) for the services and facilities in scope for the engagement
The hosting facility must comply with minimum Tier 3, as defined by the Uptime Institute, ANSI TIA-942, or an equivalent industry standard.
The hosting facility must be certified against ISO 27001; compliance with the following international standards is desirable:
13
Document Management Solutions Standard
o ISO 9001
o ISO 27002
o ISO 20000-1:2011
o ISO 14001
Other desirable certifications may include, but are not limited to:
o PCI-DSS v3.0 or later
o Australian Signals Directorate
o ASIO-T4
o Uptime Institute
o CSA
Also consider contractual obligations relating to the service provider allowing security assessments and treatment of outcomes as agreed with the client.
If the hosting facilities changes to a location that is deemed unacceptable either to NSW Government or to the agency and/or loses attributes and/or capabilities identified above, the agency may need to consider termination of services.
NSW Government Data Centre
All relevant services for the solution to be provisioned from one or both NSW Government Data Centre (GovDC). Depending on the service offering and agency requirements, it may be possible to ‘burst’ some elements of services to other location(s) subject to agreement with the commissioning agency.
Burst data centres must be deemed ‘compliant’. If the ‘burst’ data centre facilities change to a location that is deemed unacceptable either to NSW Government or to the agency, the agency may need to re-examine the ‘burst’ service or the full service.
Onshore/offshore management
All solution providers must be able to articulate where their services will be provided from, including any remote support services. For example, with a ‘follow the sun’ support model, the locations of each of their support sites around the globe need to be identified. Any changes to these need to be communicated to the customer agency promptly; depending on the terms of the arrangement, this may give the agency the right to cancel the service with appropriate notification.
Non-proprietary & open standards compatible
All data and associated material generated, captured, stored or otherwise in a compliant solution must conform with open standards principles to the extent possible such that data and metadata can be ported to another solution with minimum cost and effort should the need occur. Providers need to demonstrate compliance with this element.
Audit logging
All elements of DM solutions should have the ability to log events to an auditing facility containing as a minimum name of person (user ID) making a change together with the changes being made.
Compliance with NSW Government legislation (relating to document and/or records management)
All solutions relating to DM must be compliant with existing NSW Government legislation relating to document and/or records management. Further should this legislation change to remain an endorsed solution, the solution must reflect these changes within a reasonable timeframe.
Service level management
14
Document Management Solutions Standard
Agencies will retain ultimate responsibility for service level management in any solutions engagement, which would ordinarily be covered by a SLA. Agencies, service-brokers and solution providers need to agree all SLA reporting and other related activities as part of any transition-in process.
Multi-service broker provision
Any solution provider must work within the confines of a multi-service provider environment where either the agency or nominated provider will perform broker service provision. This will be defined as one provider being made accountable for the provision of all associated services, whether these are provided by the provider itself, or other third-party providers.
15
Document Management Solutions Standard
DOCUMENT CONTROL
Document historyStatus: Final
Version: 1.0
Approved by: Procurement & Technical Standards Working Group
Approved on: 4 June 2015
Issued by: ICT Services
Contact: ICT Services, Service Innovation and Strategy Division, Department of Finance, Services & Innovation
Email: [email protected]
Telephone: (02) 9372 7445
Review This standard will be reviewed in 12 months. It may be reviewed earlier in response to post-implementation feedback from agencies.
16
Document Management Solutions Standard
APPENDIX A – DEFINITIONS
Information lifecycle elements
Use Case / Scenario Description
Acquisition/Capture
The initial information gathering and capture phase of the DM lifecycle. This needs to cover aspects of the solution that are involved with the initial capture of information, and encourage citizen engagement.
Document Management The set of services or technology for managing the document after it is captured and throughout its lifecycle.
Collaboration/Workflow
The set of services or technology for enabling collaboration on documents and the business processes associated with the documents. This area needs to be considered in relation to the Messaging, Collaboration and Unified Communications Standard.
Service ManagementDetails elements of managing the service itself, includes full or self-service, NSW Government Data Centre, and onshore/offshore management.
Worker types
Use Case / Scenario Description
Office-based Worker
This worker type combines two worker types used in NSW Government standards, namely Task Worker and Knowledge (Office) Worker.
Task Worker: Fixed location based worker. Performs a limited set of tasks. A task worker is a person that performs a specific (IT) task all day. Categories include: call centre agents, data capturing clerks and the like. In fact anyone who spends their day primarily using one application to perform their daily work is defined as a task worker.
Knowledge (Office) Worker: Primarily fixed location based worker (however some mobility may be required). Performs a variety of high intensity tasks using information from various sources. Works at any of the tasks of planning, acquiring, searching, analysing, organising, storing, programming, distributing, marketing information, and those who work using the knowledge so produced.
Mobile Worker
This worker type combines two worker types used in NSW Government standards, namely Knowledge (Mobile) Worker and Field (Mobile) Worker.
Knowledge (Mobile) Worker: Various locations, often at short notice and always connected. Performs a variety of high-intensity tasks, using information from various sources.
Field (Mobile) Worker: Mostly in the field, rarely in the office and always connected. Performs a variety of tasks. Return to an office occasionally. This segment contains traditional field-based workers such as insurance adjusters, real estate agents, roofing contractors/agents, and sales representatives. The amount of time these individuals spend in the field varies, and often does not directly correspond to the amount of time they spend working remotely.
Public A member of the public who is associated with the document that is managed by an agency.
17
Document Management Solutions Standard
APPENDIX B – ABBREVIATIONS
AIIA Australian Information Industry Association
ASD Australian Security Directorate
ASIO Australian Secret Intelligence Organisation
CMIS Content Management Interoperability Services
CSA Canadian Standards Association
DM Document Management
GovDC Government Data Centre
ICT Information & Communication Technology
ISO International Organization for Standardization
IT Information Technology
LDAP Lightweight Directory Access Protocol
OCR Optical Character Recognition
PTS Procurement & Technical Standards
RTCE Real Time Collaborative Editing
SLA Service Level Agreement
18
Document Management Solutions Standard
APPENDIX C – REFERENCES Agencies should have regard to the following statutes, NSW Government policies and standards:
AS ISO 15489 – Australian Standard on Records Management AS/NZS ISO 31000 Risk management – Principles and guidelines Copyright Act 1968 DFS C2013-8 Data Centre Reform Strategy Electronic Transactions Act 2000 Government Information (Public Access) Act 2009 Health Records and Information Privacy Act 2002 Information Management: A Common Approach IPC Privacy Guidance M2012-15 Digital Information Security Policy NSW Government Open Data Policy NSW Government Cloud Services Policy and Guidelines NSW Government Enterprise Architecture Strategy NSW Government ICT Strategy NSW Government Digital Information Security Policy NSW Government Information Classification and Labelling Guidelines Privacy and Personal Information Protection Act 1998 Public Finance and Audit Act 1983 Public Interest Disclosures Act 1994 State Records Act 1998 State Records Standard on Records Management TPP 09-05 - Internal Audit and Risk Management Policy for the NSW Public Sector
19
Document Management Solutions Standard
APPENDIX D – STANDARDS
Developing technical standardsDevelopment of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and experts groups, including the Australian Information Industry Association (AIIA).
The following diagram outlines the process.
The ICT Procurement and Technical Standards Working Group (PTS Working Group) is chaired by the Department of Finance, Services & Innovation and includes senior representation from across NSW Government.
Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements.
The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services and Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.
Management and implementationThere is scope to modify standards through the NSW Government ICT governance arrangements as necessary. Standards are designed to add value, augment and be complementary to, other guidance, and they are continually improved and updated.
This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.
NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue.
20
Need for new or amended standard
identified
Standard developed (Industry/agencies
consulted)
Standard approved and released by PTS
Working Group
Market engagement for services which meet the standard
Services added to Catalogue
Business requirements change