1 |
Information Management Governance and Accountability |
|
69 |
There is a Senior Official designated to lead the IM program |
|
70 |
The Senior Official has the authority to provide direction in IM at all levels of the institution |
|
71 |
The Senior Official has authority to allocate appropriate resources to IM activities |
|
72 |
The Senior Official has the mandate to secure adequate training and development programs to support IM
specialists |
|
73 |
There is provision under the governance and accountability framework for ongoing monitoring of the
effectiveness of the IM program across the institution |
|
74 |
There is provision under the governance and accountability framework that designates authority to take action
to redress vulnerabilities and significant issues in IM |
|
76 |
Regions are represented in the governance structure. |
|
77 |
The IM G&A framework identifies the position within the institution that is accountable to the TB for the
implementation of the MGI policy and sustenance of good IM |
|
78 |
The Accountability framework stipulates that the Senior Official designated to lead the IM program is
accountable to the Head of the institution for the implementation of the MGI policy and sustenance of good IM |
|
79 |
IM Roles and Responsibilities of the Senior Official designated to lead the IM program are identified in job
description and management agreement with the Head of the institution |
|
80 |
IM Roles and responsibilities for senior management are identified in job descriptions and management
agreements with the Head of the institution |
|
81 |
There are current job descriptions outlining roles and responsibilities of IM specialists |
|
82 |
IM roles and responsibilities for all employees are identified and included in job descriptions and performance
agreements |
|
83 |
Guidelines for performance assessment program stipulate that performance assessments of all employees evaluate
requisite performance in managing information |
|
126 |
The institution has an IM governance and accountability framework |
2
|
Information Access and Use
|
ATI
|
30
|
Guidelines and process exist for controlling appropriate access to information
|
ATI
|
31
|
Process exists to support legal and policy obligations for sharing / re-use of the information
|
ATI
|
32
|
Process is in place to document and monitor access to restricted information
|
ATI
|
89
|
Process is in place to review information collection plans to assess necessity and relevance of collection
|
ATI
|
92
|
Institution maintains records of information collection activities, identifying purpose, frequency, profile of
respondents and all data elements within information collections
|
Privacy
|
33
|
Institution has Privacy Management Framework with guidelines outlining requirements of the Privacy Act in
relation to collection, retention, management and release of personal information
|
Privacy
|
35
|
Institutional guidelines stipulate that Information systems with data or records that contain personal
information are identified
|
Official Languages
|
9
|
The institution has guidelines or directives to support compliance with the Official Languages Act
|
Official Languages
|
10
|
Quality assurance regularly assesses compliance with languages requirements
|
Official Languages
|
12
|
Client information systems specify individual clients' preferred language of communication
|
Official Languages
|
14
|
A vehicle exists for Canadians to identify difficulties communicating with the institution in their language of
choice
|
Legal
|
44
|
The institution has directives and guidelines to ensure development and maintenance of information sharing
agreements with external partners that define roles & responsibilities; accountabilities; mechanisms for
sharing information, preserving integrity of information, ensuring comprehensive records are maintained, and for
ensuring appropriate disposition of information
|
Security
|
11
|
Measures exist to rectify deficiencies in compliance with language requirements
|
Security
|
43
|
Processes are in place to safeguard information from destruction and tampering
|
Security
|
50
|
The institution has directives and guidelines for the appropriate security designation of information
|
Security
|
51
|
The institution has directives and guidelines outlining security requirements for maintaining and handling
information in all media across all delivery channels
|
Security
|
53
|
Processes are in place outlining and supporting appropriate storage of information in line with security
designation
|
Security
|
54
|
Processes are in place outlining and supporting appropriate method for destruction of information in line with
security designation
|
IT
|
65
|
Institutional guidelines or directives require that planning for new technology based systems ensures that
requirement is not already addressed by an existing technology based system (prevents redundant system
development)
|
IT
|
66
|
Institutional guidelines or directives require that planning for new technology based systems considers
interoperability with other technology based systems (existing or under development)
|
IT
|
67
|
Institutional guidelines or directives require that planning for new technology addresses reusing and sharing
information held in existing technology based systems
|
IT
|
68
|
Institutional guidelines or directives require that planning for new technology includes applying institutional
guidelines for information organization and identification (i.e. uses or builds upon approved taxonomies or
information classification / identification systems)
|
IT
|
84
|
There are institutional standards outlining requirements for the institution's IT infrastructure
|
IT
|
96
|
Migration strategies exist for converting information (data) to new structures and technology over time
|
IT
|
130
|
Strategies are in place to provide for preservation of information of enduring value while it is in the custody
of the organization, including through technological change
|
Quality Assurance
|
1
|
Guidelines defining information quality criteria are available for reference
|
Quality Assurance
|
2
|
Quality assurance processes exist across the institution
|
Quality Assurance
|
4
|
Measures exist to resolve quality issues
|
Quality Assurance
|
5
|
A vehicle exists for Canadians to provide feedback related to quality and consistency of information
|
Access
|
6
|
Information on programs or services is available through all delivery channels: internet, e-mail, telephone
call-centre, face-to-face, traditional correspondence
|
Access
|
7
|
Individual client information is available through all delivery channels: internet, e-mail, telephone
call-centre, face-to-face, traditional correspondence
|
Access
|
8
|
Employees at public response points (internet, e-mail, telephone call-centre, face-to-face, correspondence
units) can access all institutions INFO systems
|
3
|
Information Life Cycle Management Program
|
|
26
|
Process exists to support bibliographic information being reported to the National Library's Union Catalogue
|
|
38
|
The institution formally supports and resources a records management program with professional experts to
provide advice and guidance to support the proper collection, storage and preservation of institutional records
|
|
39
|
There are formal guidelines and procedures for maintaining business records regardless of media or format
|
|
40
|
The institution formally supports and resources a library service with professional experts to provide advice
and guidance to support the proper collection, storage and preservation of institutional publications
|
|
56
|
The institution has an essential records program identifying records that must be protected as defined in
government policy and directives
|
|
60
|
There are institutional directives and guidelines to include IM requirements (resources, accommodation,
equipment, management mechanisms or tools, etc.) in project and program planning and management documents
(business cases, project plans, TBS submissions, etc) for new or modified programs, services.
|
|
61
|
Institutional guidelines or directives require that IM considerations are addressed in policy development and,
if appropriate, incorporated into policies, standards or guidelines (e.g. security, e-mail, network usage
policies)
|
|
63
|
Institutional guidelines and directives require that IM requirements are addressed in project and program
planning and management documents for technology based systems
|
|
88
|
The institution has a business continuity plan that includes an information strategy
|
|
99
|
The institution's Records Management program includes an active retention and disposition unit with experts to
provide support and guidance in disposition activities across the institution
|
|
101
|
The institution maintains an inventory of current disposition authorities outlining retention periods and terms
and conditions for disposition
|
|
102
|
The institution maintains an inventory of records not covered under disposition authorities, to ensure these
records are retained until an authority is attained
|
|
103
|
There are institutional guidelines and procedures for transfer of information of enduring (or historical) value
to the LAC.
|
|
105
|
Migration strategies include consideration for essential records
|
|
111
|
There are institutional directives, guidelines and procedures to support deposit of Publications in the
institution's library or in on-line publications repository
|
|
115
|
There are institutional guidelines and procedures for transferring publications to the National Library of LAC
|
|
120
|
The institutional Threat and Risk Assessment program includes IM considerations
|
4
|
Information Identification, Organization and Inventory
|
|
16
|
There are institutional guidelines and standards for identifying, describing and organizing information
|
|
18
|
The institution maintains a current, comprehensive and structured identification or classification system(s)
for organizing and locating information, including metadata and information descriptions with sufficient detail to
facility clarity and define context.
|
|
21
|
Processes are in place to update the inventory of information assets on a regular basis
|
|
23
|
An inventory of information assets exists (preferably electronic) indicating format, media and location of
information and is available to all employees
|
|
24
|
Information holdings are identified and described in appropriate public reference sources (e.g. InfoSource)
|
|
25
|
A current Publications catalogue is maintained according to established standards
|
5
|
Electronic Repository
|
|
87
|
The institution has an electronic repository for storing and managing electronic information
|
6
|
Information Management Training and Awareness
|
|
41
|
Institution supports a training and awareness program that outlines employee obligations with respect to
maintaining government information, particularly in maintaining official records
|
|
55
|
Training and awareness program outlines employee obligations with respect to information security
|
|
100
|
Employee training and awareness programs provide information on retention and disposition process for
government records
|
7
|
Information Management Auditing and Evaluation
|
|
3
|
The institutional audit and evaluation program assesses quality, consistency and integrity of information
|
|
13
|
The audit and evaluation program regularly assesses the institution's performance in providing information in
the language of choice
|
|
119
|
The audit and evaluation program assesses and documents the institution's performance in managing information
|
|
131
|
The audit and evaluation program assesses the effectiveness of the departmental records disposition program
|
|
27
|
The audit and evaluation program assesses timeliness and convenience of access to information
|
|
37
|
The audit and evaluation program assesses the handling of personal information by institution
|
|
42
|
The audit and evaluation program checks to ensure records are being maintained and managed appropriately
|
|
46
|
The audit and evaluation program checks to ensure the existence of, and compliance of all parties with,
information sharing agreements
|