ICT Strategic Framework

Information is a strategic resource that underpins the key functions and decision making processes of a local government.
Last updated:

The way information is managed, including the technology used to support it, is therefore central to local government business practices. Alongside its physical, human and financial resources, a local government must manage its information in a way that enables services to be delivered that best meet community needs and the priorities set by council.

Integrated Planning and Reporting (IPR) Framework

The Integrated Planning and Reporting (IPR) Framework and Guidelines sets out how local governments should plan for their future through the development of Strategic Community Plans and Corporate Business Plans. The resources needed to implement these plans are identified and managed through asset management plans, workforce plans and long-term financial plans.

In a similar way, information and information technology resources can be planned for and managed so that they support the strategic objectives and priorities of the local government, as well as ensuring the business continuity of its day-to-day operations. ICT is also an important foundation for the other resourcing plans.

ICT Strategic Framework

The ICT Strategic Framework sets out the key components that need to be considered in managing a local government's information resources. It represents the key elements, and their relationships, that might be expected in an 'ideal' environment. In reality, the extent to which it is applicable will obviously depend on the size and complexity of the local government. It recognises that there will be differing capacity with the local government sector to implement ICT and to manage it in line with the IPR Framework.

The ICT Framework is not a compliance requirement. It is a resource that local governments can use to plan for, manage and review their information and technology assets.

Background

Information is a strategic resource that underpins the key functions and decision making processes of a local government. The way information is managed, including the technology used to support it, is therefore central to local government's business practices. Alongside its physical, human and financial resources, a local government must manage its information resource in a way that enables services to be delivered that best meet community needs and the priorities set by Council.

The Integrated Planning and Reporting Framework (IPR) sets out how local governments should plan for their future through the development of Strategic Community Plans and Corporate Business Plans.

The resources needed to implement these plans are identified and managed through asset management plans, workforce plans and long-term financial plans. In a similar way, information and information technology resources can be planned for and managed so that they support the strategic objectives and priorities of the organisation, as well as ensuring the business continuity of its day-to-day operations.

Information and Communications Technology is also an important foundation for the other resourcing plans.

The ICT Strategic Framework sets out the key components that need to be considered in managing an organisation's information resources. It represents the key elements, and their relationships, that might be expected in an "ideal" environment. In reality, the extent to which it is applicable will obviously depend on the size and complexity of the individual local government. It recognises that there will be differing capacity within the local government sector to implement ICT and to manage it in line with the IPR Framework.

The Framework is not a compliance requirement. It is a resource that local governments can use to plan for, manage and review their information and technology assets. It will be accompanied by a number of templates, guides and supporting documents that are designed to assist these processes.

What is ICT?

Information and Communications Technology or ICT refers to technology that will store, retrieve, manipulate, transmit or receive information electronically or in a digital form. It includes hardware, communications devices or applications, including computer hardware, software, network infrastructure, video conferencing, telephone and mobile phones.

Adequate and appropriate ICT underpins all aspects of a local government's work. It is integral to the delivery of local government services: from the provision of information and advice, to providing better analysis of environmental, demographic and social change for better land use management and planning. ICT also supports local government back office operations, providing data storage, information management, email and mobile communications. The rapid adoption of mobile, on-demand, and social media technologies has changed expectations of service delivery. These developments offer an opportunity for local government to provide services in new ways, and to interact through new modes. Mobile, internet and cloud technologies provide further opportunities for innovation and efficiencies in service delivery.

What is the ICT Strategic Framework?

The ICT Strategic Framework provides a high level framework for the effective management of information and technology to ensure ICT systems are controlled and maintained in line with corporate objectives and emerging trends.

The ICT Strategic Framework will be accompanied by supporting documents and tools such as the ICT Maturity Model, templates and example documents, policies and strategic plans, which are key resources for effective implementation of the framework.

Purpose of the ICT Strategic Framework

The ICT Strategic Framework has been developed as a tool to:

  • assist Chief Executive Officers, executive team and elected members to better understand the complexity of managing information and technology within local government.
  • encourage local governments to improve their ICT capability.
  • enable each local government to operate at or above the ICT Baseline Standard.
  • ensure ICT is adequately managed to support all aspects of local government operations, and
  • support all related elements of the Integrated Planning and Reporting Framework.

Implementation of the ICT Strategic Framework is integral to achieving the outcomes of the Integrated Planning and Reporting Framework. The ICT Strategic Framework establishes an ICT Baseline which identifies the minimum requirements for the effective provision of information management and information technology services to effectively support local government operations. Understanding the complexity of information and technology management within local government is the first step in applying the necessary measures to ensure that the baseline ICT standards are being met.

Who is involved?

The ICT Strategic Framework is targeted at local government staff responsible for managing Information Technology and Information Services (Records), and/or delivering ICT services. The ICT Strategic Framework has also been designed as a tool for local government Chief Executive Officers, executive teams and elected members to understand the complexity of managing information and technology within local government.

About the Framework

The ICT Strategic Framework is made up of eight elements:

  1. governance
  2. emerging trends and technologies
  3. business systems and applications
  4. infrastructure and technology
  5. IT business continuity
  6. security
  7. project management
  8. information management

These elements should all be considered in managing information, systems, networks and infrastructure to ensure that ICT systems are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.

The first seven elements and their relationships comprise an Information Technology Framework. The eighth element consists of important subsets and has been developed as a separate but related Information Management Framework. Both frameworks are underpinned by Supporting Documentation (see section 4.5 onwards 'Information Technology Framework Supporting Documentation'). This includes the policies, plans, strategies and registers required as baseline to enable effective implementation of the framework.

The frameworks should be used in conjunction with the ICT Maturity Model to assess the capability of the local government in relation to its size and functions, and to develop appropriate action plans in response.

Information technology framework

The Information Technology Framework provides a high level framework for the effective management of IT within local government. The framework identifies the elements of IT that should be considered as a minimum baseline, in managing systems, networks, devices and data, to ensure that they are secure, protected from risk, adequately tested and controlled, and developed and maintained in line with corporate objectives.

What is the structure of the IT Framework?

The IT Framework represents the discipline of IT management as comprising seven key elements. The framework has been designed with four pillars reflecting the four main IT disciplines, with Governance overarching all aspects of IT at the top of the framework, and robust project management underpinning the framework. The positioning of Emerging Technologies and Trends over the four pillars of IT recognises the role that disruptive technologies has on the delivery of IT services.

The key elements of the IT Framework are:

  1. Governance — the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.
  2. Emerging Trends and Technologies — the emerging trends and technologies providing challenges and opportunities for local government in managing ICT systems and resources, and delivery of future ICT services.
  3. Business Systems and Applications — the software systems and applications used by a local government.
  4. Infrastructure and Technology — the hardware and network infrastructure used to deliver local government ICT services.
  5. IT Business Continuity — the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.
  6. Security — protecting information and systems from unauthorised access, use, modification, disclosure or destruction.
  7. Project Management — the discipline of planning, organising, controlling, and managing resources to achieve specific goals.

The key elements are each made up of a number of lower level elements. Together, these elements describe the discipline of managing each of the key elements identified within the framework. It is important to note that all elements of the framework are interrelated and consideration should be given to how the elements interrelate when using and implementing the framework.

Information Technology Framework

Governance

  • ICT Strategy and Planning
  • Risk Management
  • ICT Procurement
  • Policy, Process and Procedures
  • Performance Measurement
  • ICT Resource Management
  • Monitoring and Compliance
  • ICT Sourcing Models
  • Social Media
  • Smart Phones and Devices
  • Bring-Your-Own-Device (BYOD)
  • Cloud Computing
  • Online Services
  • Open Data

Business Systems and Applications

  • Software Acquisition
  • Software Design and Development
  • Software Maintenance and Management
  • Business Process Analysis
  • Integration
  • Software Scoping and Requirements Definition
  • Testing and Implementation
  • Change Management
  • Version Control

Infrastructure and Technology

  • Infrastructure and Architecture
  • Virtualisation
  • Capacity Management
  • Communications and Network Management
  • Data Storage
  • IT Asset Management
  • Systems Acquisition
  • Systems Design and Development

IT Business Continuity

  • Disaster Recovery
  • Contingency Planning
  • Backups
  • Replication
  • Redundancy
  • Data Recovery
  • Emergency Response

Security

  • Access Management
  • Authentication
  • Audit
  • Remote Access
  • Incident Management, Reporting and Response
  • Physical and Environmental Security
  • Network and Communications Security

Project Management

  • Initiation
  • Planning
  • Execution
  • Reporting
  • Monitoring and Controlling
  • Closing

Defining key elements of the ICT Framework

A definition of the terms used to describe the key elements of the IT Framework is provided in the following schedule.

Governance

Governance describes the guiding strategies, principles and practices that guide the correct and effective delivery of ICT, and provides a framework for ICT decision making.

Governance Definitions

ElementDefinition
ICT Strategy and Planning

ICT Strategy and Planning involves:

Conducting ICT strategic planning

Developing systems and delivering ICT services in line with an approved ICT Strategic Plan

Alignment of the ICT Strategic Plan with the Local Government Strategic and Community Plans

Involving IT in corporate planning.

Risk ManagementRisk Management is the identification, assessment, and prioritisation of risks followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events.1
ICT ProcurementICT Procurement involves the acquisition of ICT goods and services.
Policy, Processes and ProceduresPolicy, Process and Procedures means having documented and approved ICT policies, processes and procedures in place that staff are aware of, have access to and are actively using.
Performance MeasurementPerformance Measurement is the process for measuring and reporting performance of ICT services, often measured through tools such as Key Performance Indicators (KPIs) or service level agreements.
Performance ManagementPerformance Management is the activities which ensure that goals are consistently being met in an effective and efficient manner.2
Monitoring and ComplianceMonitoring and Compliance are the measures and controls in place to monitor compliance of ICT controls, guidelines and procedures. This includes audit logging of systems, identification of anomalies and incident handling provisions.
ICT Resource ManagementICT Resource Management is the efficient and effective use of ICT resources (information, systems, networks, infrastructure, devices and people) to deliver ICT services.
ICT Sourcing ModelsICT Sourcing Models are alternative ways of delivering ICT services. Alternate ICT sourcing models include managed solutions delivered by a service provider, systems hosting by another local government and cloud computing.

Emerging Trends and Technologies provide challenges and opportunities for local government in managing ICT systems and resources, and the delivery of future ICT services.

ElementDefinition
Social MediaSocial Media is an online media platform that allows users to generate and share content over the internet using technologies that promote engagement, sharing and collaboration.
Smart Phones and DevicesSmart Phones and Devices are electronic computing devices that are cordless, mobile and connected to the internet and include smart phones and tablet devices.
Cloud ComputingCloud Computing is an IT delivery model that allows software, servers and storage to be provided over a network or the internet on a pay-as-you-use basis.
Bring Your Own Device (BYOD)Bring-Your-Own-Device is a hardware strategy that allows staff to use their own personal computing device for work purposes, such as smart phones and devices.
Online ServicesOnline Services is the delivery of local government services over the internet, such as online lodgement of customer service requests, building and development applications, payment of rates, licences and infringements.
Online ApplicationsMobile Applications refers to the development and use of mobile applications to allow local government information and services to be accessed using a smart phone or smart device.
Open DataOpen Data is the concept that government data should be freely available to everyone to use as they wish, typically over the internet and/or using a smart phone or device.

Business systems and applications

Business Systems and Applications refers to all the software systems and applications used by a local government. 

Business systems and applications definitions

ElementDefinition
Software AcquisitionSoftware Acquisition is the process of purchasing software, including software evaluation and defining user requirements.
Software Design and DevelopmentSoftware Design and Development is the process of designing and developing software and applications.
Software Maintenance and ManagementSoftware Maintenance and Management is the process of maintaining, upgrading, supporting and managing software systems and applications.
Business Process AnalysisBusiness Process Analysis refers to the process of analysing and documenting the business processes of a local government.
IntegrationIntegration of software systems and applications to enable sharing of data between systems.
Requirements Definition

Requirements Definition is the process of identifying and documenting what the business needs are when acquiring or developing new software systems or modifications to existing systems.

The requirements should be documented, actionable, measurable and testable, and related to identified business needs and defined to a level of detail sufficient for system design.

Software ScopingSoftware Scoping is the process of defining the purpose, functions and features of a software system.
TestingTesting is the process of adequately testing software systems or upgrades prior to implementation, including test implementation and user acceptance testing.
ImplementationImplementation describes the processes involved in getting new software operating properly in its environment, including installation, configuration, running, testing, training and managing change.3

Infrastructure and technology

Infrastructure and Technology refers to the hardware and network infrastructure used to deliver local government ICT services.

Infrastructure and technology definitions  

ElementDefinition
InfrastructureInfrastructure refers to the physical IT hardware such as servers, network equipment, communications devices.
ArchitectureArchitecture refers to the design of the infrastructure environment used to interconnect computers and users, including server room and network design.
VirtualisationVirtualisation is the process of creating virtual (rather than actual) hardware platforms (server or desktop environment), operating systems, storage devices, or network resources.4
Capacity ManagementCapacity Management is the process of managing IT resources to ensure resources such as disk space, memory and processing capability meets current and future business requirements in a cost-effective manner.5
Communications and Network ManagementCommunications and Network Management are the activities involved in managing a local government's local and wide area network, including data, voice and internet communications.
Data StorageData Storage means disk or network storage space, memory or media required to store digital data.
IT Asset ManagementIT Asset Management is the practice of effectively managing the life cycle of software and hardware assets, including acquisition, implementation, maintenance, utilisation, and disposal to support strategic IT decision making.6
Systems AcquisitionSystems Acquisition is the process of purchasing systems hardware and network equipment, including defining business requirements and system evaluation.
Systems Design and DevelopmentSystems Design and Development is the process of designing and developing hardware platforms, networks and infrastructure architecture.

IT Business Continuity

IT business continuity describes the activities undertaken to enable a local government to perform its key functions and deliver its ICT services.

Continuity definitions

ElementDefinition
Disaster RecoveryDisaster recovery involves all activities required to restore a system, service or data to its state prior to a disaster, or the closest achievable state depending on the success of the disaster recovery operation.
Contingency PlanningContingency planning refers to planning for alternative business outcomes to mitigate against risk.
BackupsBackups is the process of backing up data and systems and storing them offsite to ensure that data and systems can be recovered as required.
ReplicationReplication involves replicating data and systems to a secondary site to provide resiliency and business continuity in case of an unplanned event or disaster.
RedundancyRedundancy of systems, networks and communications links to mitigate risk and provide resiliency and business continuity.
Data RecoveryData recovery is the process involved in restoring data following an unplanned event or disaster.

Security

Security means protecting information and systems from unauthorised access, use, modification, disclosure or destruction.

Security definitions 

ElementDefinition
Access ManagementAccess management involves the management of user access to systems, including assigning and revoking privileges and permissions, authentication and authorisation procedures.
AuthenticationAuthentication is the process by which users are identified on a system or network.
AuditAudit refers to the examination of the management controls within IT infrastructure, to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the local governments goals or objectives. An IT audit may be performed in conjunction with a financial statement audit, internal audit, security incident or breach.7
Remote AccessRemote access is the provision of access to a local government's information systems to staff working outside of the main administration centre or wide area network. This can include from the works depot, museum, recreation centre, or staff working from home. Remote access is typically provided over the internet and secured by technologies such as a virtual private network, terminal services, virtual desktop solutions (e.g. Citrix or VMware) and/or remote desktop.
Incident Management, Reporting and ResponseIncident management, reporting and response involves identifying, analysing, reporting, and responding to IT security incidents including taking corrective and preventative action.
Physical and Environmental SecurityPhysical and environmental security refers so providing adequate physical and environmental protection for a local government's ICT assets to prevent unauthorised access, use or destruction.
Physical security describes the physical measures to deny access to IT systems, networks and information from unauthorised persons.
Environmental security includes all other non-physical security measures to systems, networks and information, such as virtual private networks, antivirus and other malware strategies and redundancy.
Network and Communications SecurityNetwork and communications security involves taking measures to secure local and wide area networks, voice communications and internet links.
Change ManagementChange management from an IT security perspective, is the process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software, but typically refers to changes in
processes and workflows that can become disruptive if not managed properly.
Version ControlVersion control is the process of managing multiple versions of software and electronic files.

Project management

Project management is the discipline of planning, organising, controlling, and managing resources to achieve specific goals.

Project management definitions 

ElementDefinition
Project initiationProject initiation is the process of defining the scope of the project. May involve establishing the scope, a project charter, and preliminary project plan.
Project planningProject planning refers to the process of establishing a project plan detailing how a project is to be accomplished within a certain timeframe and with given resources. A project plan usually identifies various milestones and/or stages of a project and the timeframes in
which they are to be completed.
Project executionProject execution refers to the process of carrying out or implementing the project. Project Execution is the implementation phase of the project plan, and is commenced once the project planning phase is complete.
Monitoring and controllingMonitoring and controlling refers to the process of monitoring progress of the project with regard to the project plan, and controlling resources to ensure delivery of the project on time and within budget.
Project closingProject closing is the process of completing project deliverables, reviewing the outcome of the project against objectives, documenting the lessons learnt, archiving project records and releasing project resources.8

Getting started – implementing the ICT Strategic Framework

The ICT Strategic Framework identifies the key elements for the effective management of information and technology, to ensure that corporate information and ICT systems are secure, protected, tested, controlled, developed and maintained in line with corporate objectives and respond to emerging trends. The information required, processes and outputs of the ICT Strategic Framework are detailed below:

What information do I have to gather?

The following information should be gathered before the ICT Strategic Framework is implemented. It is important that initial planning occurs to ensure that your local government is able to fully implement the framework and gain a clear understanding of current capacity.

ICT Supporting Documentation – Identify what strategies, plans, policies, and procedures outlined in the ICT Strategic Framework your local government already has in place.

Local Government Strategic Community Plan – In implementing the ICT Strategic Framework it will be beneficial to understand the long term vision of your local government and the role that ICT contributes to that. This will assist you to develop action plans that are appropriate to your local government in terms of your present position on the ICT Maturity Model, and where your local government aspires to be.

Challenges and Opportunities – Identify what challenges and opportunities the ICT Strategic Framework presents your local government.

  • What are the key ICT issues facing your local government?
  • How can implementation of the ICT Strategic Framework assist in addressing these issues?
  • What are the IT and IM risk factors facing your local government?
  • What are the priority areas for implementation of the ICT Strategic framework?

Internal and External Trends/Issues – What are the internal and external issues and trends that may influence implementation of the framework?

ICT Resourcing Capability – Understand the capacity and capability of your local government to implement the ICT Strategic Framework, with the ICT resources that you have available. The framework provides templates, example policies, strategies, plans and other key documents that your local government may adopt or adapt to suit your requirements.

What do I have to do?

During implementation of the ICT Strategic Framework, the following steps may be useful:

  • ICT Maturity Model – Complete the ICT Maturity Model self-assessment tool provided.
  • ICT Baseline – Determine where your local government is on the ICT Baseline standard.
  • ICT Risk Assessment – Conduct an ICT risk assessment based on where your local government is on the ICT maturity model and ICT Baseline.
  • Priority Areas – Identify priority areas for implementation of the ICT Strategic Framework.
  • ICT Resource Capability Analysis – Conduct ICT resource capability analysis to determine your capability for implementing the ICT Strategic Framework.
  • Action Plans – Develop an action plan appropriate for your local government.

What do I end up with?

  • Key ICT documents such as policies, plans, strategies and registers required as a minimum baseline to enable effective management of ICT within local government.
  • A self-assessed classification of ICT maturity on the local government ICT Maturity Model.
  • An understanding of where your local government is on the ICT Baseline.
  • An action plan to target key areas under the ICT Strategic Framework.

Information Technology Supporting Documentation

The Information Technology Framework Supporting Documentation supports the Information Technology Framework by identifying the types of documents (strategies, policies, schedules and plans) that should be in place to effectively manage information, communications and technology. The supporting documentation schedule identifies the baseline IT standard for local government, which is the proposed minimum standard for managing local government information technology.

GovernanceEmerging Trends and TechnologiesBusiness Systems and ApplicationsInfrastructure and TechnologyIT Business ContinuitySecurityProject Management

ICT Strategic Plan*

ICT Annual Business plans*

Risk Management Strategy and Plan*

Internal KPIs and Service Level Agreements

Social Media Policy**

Online Services Plan**

Cloud Computing Policy

Bring-Your-Own-Device Policy

Open Data Policy

Systems Documentation*

Systems Test and Implementation Plans**

Website and Intranet Business Plan

Website Accessibility Policy

Systems Upgrade Policy

Software Asset Management Policy

Change Management/Version Control Policy

ICT Acceptable Usage Policy*

Systems Documentation**

IT Asset Register**

IT Asset Management Plan**

IT Asset Replacement Policy

Infrastructure Capacity Plan

Virtualisation Policy**

IT Disaster Recovery Plan*

Backup Policy*

IT Risk Assessment Matrix**

IT Risk Mitigation Plan**

IT Security Policy*

Password Policy*

Security Audit Policy

Incident Response Policy

Incident Management Plan**

Business Case*

Project Schedule**

Project Risk Register**

Project Communication Plan

Project Statement (defines scope and deliverables)*

Project Status Report**

Project Issues Register**

Project Quality Plan

Project Plan*

Post implementation Review**

Asterisks represents suggested minimum requirements to meet the standards below. Those without an asterisk are the advanced (ideal standard). The actual level of uptake needs to be determined by each local government based on its size and specific business requirements.

* ICT Baseline standard
** Intermediate (Recommended) standard

What is information management?

Information encompasses all information, data and records held in any format. Information management involves:
  • capturing or creating, storing (retaining), organising, and maintaining, analysing, value-adding, and sharing, disposing of, or permanently archiving, information
  • ensuring information is available to the right people at the right time
  • keeping information secure and protected for privacy and confidentiality
  • managing information ethically and with integrity.

What is the Information Management Framework?

The Framework has been developed to help navigate the regulatory environment for information management. It fosters consistency and standardisation of information management across the public sector. The aims of the Framework are to: 

  • define a common set of principle for information management
  • enable all public sector employees to understand their information management requirements
  • enhance capability of the public sector to support digital transformation.

The framework will support implementation of the  Digital Strategy for the Western Australian Government 2021-2025 which requires the WA public sector deliver improved digital services for Western Australians.

The Information Management Framework is available from the State Records Office WA website.

Record Keeping

The State Records Act 2000 defines record keeping as "creating, maintaining, indexing, organising, storing, preserving, securing, retaining and managing records; and maintaining, preserving, securing and retaining the means by which any information on a record can be recovered".

Every local government is required to have a record keeping plan that captures key information about processes and systems used to manage their records of information.

More information about record keeping and record keeping plans are available on the State Records Office WA website.

 

Notes

  1. 'Risk Management', Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. p. 46.
  2. 'Performance Management', Wikipedia, taken at 14/9/2012
  3. 'Implementation', TechTarget, accessed 21/9/2012
  4. 'Virtualisation', Wikipedia, accessed 21/09/12
  5. 'Capacity Management', Wikipedia, accessed 21/9/12
  6. 'IT Asset Management', adapted from Software Asset Management definition, Wikipedia Management, accessed 21/9/2012
  7. 'Audit', adapted from 'Information Technology Audit', Wikipedia, available at, taken 19/9/2012
  8. 'Project Management', Project Management Institute, taken 24/9/2012.

Have a question or want to report a problem?

Fill in the form to get assistance or tell us about a problem with this information or service.

Send feedback