II.4.3.1. Develop management and technology frameworks
Government entities should create and maintain management and technical frameworks for using information resources that ensure linkages among mission needs, information content and information technology capabilities. These frameworks should guide both strategic planning and operational management of information resources. They should also address steps necessary to create an open systems environment. Government entities should implement the following principles: a. Develop information systems in a manner that facilitates interoperability, application portability, and scalability of computerized applications across networks of heterogeneous hardware, software, and communications platforms. In order to facilitate the preservation of the information, as well as the exchange of information between public bodies and/or interoperability between the different networks or portals, public entities should choose a common model of information exchange, based on a common standard (e.g. XML). This should be done keeping in mind that cross-border exchange should be made possible and promoted, and that public domain information should be accessible by anybody from anywhere in the world Also, as far as possible, choices regarding information systems should be made taking account of the fact that access to and use of the information should not be dependent on specific software, which could create a barrier to effective access and use. b. Ensure that the improvement of existing information systems and the development of new systems do not duplicate unnecessarily those within the same organization, within other government entities, or available from the private sector. It is important to share available information systems and technological capabilities with other government entities to the extent practicable and legally permissible. c. Establish a level of security for information systems that is commensurate with the risk of harm resulting from the loss, misuse or unauthorized access to or modification of the information contained in these information systems (see II.4.2.7). d. Promote the use of public sector information through national initiatives involving the users of the information.
II.4.3.2. Strategically plan information resources management
Government entities should establish and maintain strategic planning processes for information resources management, which include the following components: a. Strategic planning that addresses how the management of information resources promotes the fulfilment of the organization's mission. The planning process should reflect and anticipate changes in the organization's mission, policy direction, technological capabilities, and resource levels. b. Consideration and promotion of the use of information throughout its life cycle to maximize its usefulness, minimize the burden on the public, and preserve the integrity, availability, and confidentiality of the information. c. Operational planning that links information technology to anticipated programme and mission needs, and forms the basis for budget requests. This process should result in the preparation and maintenance of an up-to-date plan, consistent with the government’s planning cycle for other programmes, which includes:
a listing of planned information technology acquisitions;
an explanation of how the listed major information systems and planned information technology acquisitions relate to each other and support the achievement of the organization's mission;
an analysis of the situation concerning computer security systems and procedures; and
coordination with other government organizations’ planning processes, including consideration of human and financial resources.
II.4.3.3. Provide information systems management oversight
Government entities should establish information system management oversight mechanisms that:
a. Ensure that each information system meets the organization’s mission requirements. b. Provide for periodic review of information systems to determine:
how mission requirements might have changed;
whether the information system continues to fulfil ongoing and anticipated mission requirements; and
the level of maintenance needed to ensure that the information system meets mission requirements on a cost effective basis.
c. Ensure that the official who administers a programme encompassing an information system is responsible and accountable for the management of that information system throughout its life cycle. d. Provide for appropriate training for users of public information resources. e. Ensure that information system requirements do not unduly restrict the prerogatives of other national or sub-national public bodies or groups within the country that have certain autonomous legal rights and standing. f. Promote universal access to digital networks using broadband infrastructures to the greatest extent possible, paying particular attention to rural and disadvantaged areas, and provide services for access to public sector information that are in so far as possible independent of the specific technologies used. g. Ensure that major information systems proceed in a timely fashion towards agreed-upon milestones, and deliver intended benefits to the organization and users, through coordinated decision-making on the information itself as well as on human, financial, and other supporting resources.
II.4.3.4. Evaluate and measure performance
Government entities should promote effective management of their public information resources through various review procedures, including the following: a. Seek opportunities to improve the effectiveness and efficiency of public sector information activities, and particularly the application of information technology, through periodic reviews of the work process, b. Prepare, and update as necessary throughout the information system life cycle, a cost-benefit analysis for each information system which is:
at a level of detail appropriate to the size of the investment;
based on systematic measures of mission performance, including the effectiveness of programme delivery, the efficiency of programme administration, and the reduction of burdens imposed on the public including information-collection requirements.
c. Conduct analyses of investments in major information systems on an organization-wide basis to maximize return on investment and minimize financial and operational risk d. Conduct post-implementation reviews of information systems to validate estimated benefits and document effective management practices for broader use.