Review of corporate information management

Summary of findings and priority recommendations

Key findings:

• the Scottish Government (SG) has reached a strategic tipping point in its approach to information management. There is now a compelling case for the organisation to re-evaluate and reset its approach to information management to ensure that it minimises the risks and takes advantage of the opportunities associated with global changes in technology, and supports its future business and digital strategies
• the business value of the SG’s information should be fully recognised and valued as it is  crucial to the success of the business of government and the SG’s vision of being open, capable and responsive.  Improved information management practices can improve decision making and generate substantial economic benefit. Information should therefore be afforded equal strategic priority to other corporate assets such as people, infrastructure and finances
• SG should develop a comprehensive corporate information management strategy which sets out the direction of travel for the organisation to deliver its information management priorities, policies and approach to achieving best practice. This should cover culture, capability and controls to ensure clear and effective governance
• in order to ensure that information is used to best advantage and to reduce risk, there needs to be comprehensive oversight of information systems and governance. This will improve performance, avoid silos and ensure greater consistency and should be applied to corporate systems and processes but also supported by enhanced governance and scrutiny at local level.
• further action is required to ensure that policies and guidance are implemented fully and compliance with information law is achieved. The organisation’s information often forms its record of work and should be protected by disciplined information and records management
• whilst the eRDM (electronic records and documents management) system is used widely as the corporate solution for managing documents and records, there is also widespread use of alternative processes and systems for creating, storing and managing information. A change in culture is required in order to address a significant and growing landscape of unstructured information which is not properly managed and is difficult to access, search and reuse. This legacy environment also constrains the organisation’s business and technology strategies. Enhanced governance should therefore also apply oversight to the use of such information systems. Lessons learned should also be applied to the implementation of new digital information systems to mitigate future risk
• available data about the organisation’s information management practices should be better utilised to support performance monitoring and information governance.
• there is poor uptake in information management training which has led to a lack of skills and  knowledge about best practice information and records management at all levels. 
• the SG has recently invested in its information management infrastructure by upgrading the corporate eRDM system, acquiring new digital information management tools and developing a new model of blended training resources. These are strong foundations upon which to improve information management capability and reduce risk but they must be backed up by best practice and the right behaviours at all levels in the organisation

Priority recommendations

The following is a summary description of the key recommendations set out in the section: Recommendations and which are also reflected in an indicative strategic plan in the section on eDiscovery. The Scottish Government should:

1. Raise the corporate priority and strategic profile of information and records management to better reflect its business value and encourage improved behaviours and culture.
2. Implement a corporate whole-of-government information management strategy.
3. Establish a corporate information governance model.
4. Implement a corporate information management performance framework.
5. Manage down the availability and use of unstructured information repositories and develop clear criteria, guidance and policy for the management of information outside of the corporate eRDM system.
6. Deliver a corporate improvement programme to address key risks and gaps in the short to medium term whilst building a sustainable and responsive business model for best practice digital information management in the future.
7. Embed lessons learned in the implementation of new digital information systems.
8. Review resourcing of information management within local, directorate and corporate functions.