Archived - Guideline for Employees of the Government of Canada: Information Management (IM) Basics

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Note to reader

This guideline will continue to evolve over time based on feedback and suggestions from related communities of interest.

  • Has this document been helpful to you?
  • Do you have suggestions to improve it?

Please send all suggestions or enquiries to the following:

Information Management Division
Chief Information Officer Branch

Treasury Board of Canada Secretariat
270 Albert Street
Ottawa ON Canada
K1A 0R5

Email:im-gi@tbs-sct.gc.ca
Toll-free: 877-636-0656
Fax: 613-954-6758
TTY: 613-957-9090 (Treasury Board of Canada Secretariat)

Overview of Contents

These first two sections contain the bulk of the guide's information on actual practices and can be used as a source of quick reference.

The Value of Managing Information

  • Managing Information - Who is Responsible?
  • Key principles for managing information in all media

Introduction to the purpose and value of information management (IM), the related responsibilities, and key IM practices

Managing Information–In Practice

  • Plan for your information needs
    Create and collect information
  • Organize your information
  • Reuse and share information
  • Maintain and protect information
  • Transfer or destroy the right information at the right time

Key basic practices and activities for managing government information, essentially organized according to the stages of the information life cycle but presented informally

Helps employees identify the relationship between their work and the application of IM practices

When communicating this information to clients, IM specialists will recognize the connection to the information life cycle, which will facilitate and support future training and communications activities

The next four sections consist primarily of important contextual and conceptual information that employees should understand.

Manage Information Based on Its Value

  • Document your business activities and decisions
  • Keep information for as long as it is needed, then transfer or destroy it
  • Penalties for unauthorized destruction

The value of information and the related retention and disposition issues for employees

Managing Electronic Information and Email

  • Managing information on shared drives
  • Filing electronic information
  • What about email messages?
  • A word about wikis, blogs, and collaborative spaces

How to manage, file, and share electronic information, along with tools that may be available within the institution

Safeguard and Protect Information

  • Classified information
  • Protected information
  • Recognize information resources that require formal protection

Information and guidance on the protection and security of various forms of information

Job Change Can Affect Information Management Practices

  • When leaving a job
  • When starting a new job

What an employee should know and do when arriving at or leaving a job

The final section directs the reader to further external reference material.

Where You Can Find More Help

  • The experts
  • The knowledge resources

Other sources of information

Who Should Read These Guidelines

With the introduction of the Policy on Information Management (2007), the Directive on Information Management Roles and Responsibilities (2007) and the Directive on Recordkeeping (2009) as published by the Treasury Board of Canada Secretariat, these guidelines have been designed to help all Government of Canada employees understand their roles and responsibilities in managing information resources effectively.

The information has been organized into three sections that provide you with the following:

  • information on basic information management (IM) and recordkeeping (RK) practices;
  • more detailed information on IM concepts; and
  • directions to further help and advice.

As you come to appreciate your contribution to the management of government information, discuss with your manager any ideas or issues you may have. Then, as needed, consult any one of the various IM specialists or experts who can help you learn about the practices and procedures that apply to your organization.

These guidelines are designed for all Government of Canada employees and are relevant to a wide variety of environments. Institutions are encouraged to use these guidelines as a base that can be added to and customized to reflect institutional policies, procedures, directives, guidelines, tools, and best practices.

Notes:

  • For the purposes of this document, the term "Government of Canada employees" includes employees of federal institutions as defined in Schedule 2 of the Financial Administration Act. The advice contained in this guideline, however, could be beneficial to employees of institutions outside of this definition.
  • For the purposes of this guideline, "information" is equivalent to "information resource(s)" and these are the broadest of all terms – including any documentary material produced both in published and unpublished form regardless of communications source, information format, production mode or recording medium. The term "information resource" is introduced through the Directive on Recordkeeping.

The Value of Managing Information

Evidence of our contribution at work

Recognizing the value of information and managing it well is pivotal to our success, both as individuals and as an organization.

Every day, we create, collect, use and share information resources that provide evidence of our business activities. These information resources help us to make informed decisions that support our managers, our peers, and our clients and ultimately provide results for Canadians. By properly managing information, we demonstrate that we understand our responsibility to both our colleagues and to Canadians and that we take this responsibility seriously.

But what does it mean to manage information resources properly?

This guide is designed to help you gain a basic understanding of information and records management concepts and show you how you can start applying them today. As these concepts begin to shape the way you work with information, you'll quickly discover both immediate and long-term benefits.

Managing information - Who is responsible?

We're all responsible

Because we all create, collect, use and share information resources as part of our day-to-day work, we are all responsible for effectively managing those information resources while they are under our control.

Employees of the Government of Canada (GC) are advised to do the following:

  • document business activities and decisions;
  • comply with institutional information management (IM) policies, directives and standards, using approved tools, systems, and procedures;
  • organize, file, and store information resources within repositories, ensuring easy access when needed to make decisions and to support program and service delivery;
  • share and reuse information resources to support collaboration and facilitate business operations, respecting all legal and policy requirements;
  • protect sensitive information, providing or restricting its access in accordance with law, regulation, and policy;
  • be informed of and apply retention periods for information resources;
  • protect and preserve information resources of business value critical to business resumption; and
  • comply with the requirements of policies on official languages and privacy.

Your IM specialists are available to help you with these responsibilities, as needed.

Key principles for managing information in all media

The same principles apply to paper and electronic information

Support your business by applying these principles to the way you manage information resources. These principles promote the efficient use of institutional resources, make information easier to find in the future, and ensure its protection and preservation–all in accordance with business, legal, and policy requirements.

  • Create or acquire information resources that support programs, services and ongoing operations.
  • Capture those information resources of business value by saving them within a repository.
  • Avoid collecting duplicate information resources.
  • Share and reuse information resources, respecting legal restrictions.
  • Ensure that information resources of business value are complete, accurate, current, relevant, and understandable.
  • Support information access and retrieval, respecting privacy, policy, and legal requirements.
  • Safeguard information resources of business value against unlawful access, loss, and damage.
  • Ensure information resources of enduring business value are properly preserved.

The following sections of this guide offer simple and practical guidelines for applying these principles to both paper and electronic information. These guidelines help you to standardize the information management and recordkeeping techniques you already use on a regular basis, thereby saving you time right now and in the future when you have a need to find and access information.

Managing Information–In Practice

Throughout its life, information will need to be managed in different ways. The following is an overview of some of the practices recommended for you to apply to all information while it's in your care and control. While this guideline has been developed to be as complete as possible for a general audience, there may be additional practices and procedures in place in your institution, so we encourage you to consult your manager and information management (IM) specialists, as needed.

If you make a habit of applying these practices along with those specific to your institution, you will see a difference in the way you work. The information you need will be at your fingertips and it will be easy to share with your colleagues and managers. This alone can have a dramatic effect on the quality of your work life and the success of your organization.

Plan for your information needs

Think about the information you and your colleagues will need to accomplish your objectives and to make sound decisions. For example, ask yourself questions such as the following:

  • What type of information will I need to support my work requirements, and who will need to access it?
  • Will I need published information resources (e.g. books, magazines, databases, subscriptions, and online resources)? Do they already exist elsewhere, and can I use these resources to reduce duplication and costs?
  • What volume of information will I need to manage on a regular basis?
  • Will any information require security classification? If so, at what levels?
  • Has a Privacy Impact Assessment been performed, or is it needed to address any privacy issues? (See Access to Information and Privacy.)

The answers to these questions can be used in developing a sound IM plan. Discuss these questions with your manager and then consult your IM specialists for further assistance.

For more information, see the section on "Where You Can Find More Help."

Create and collect information

As you create and collect information, identify its value to your institution and manage it accordingly, making sure that it's accessible to those who need it. Some recommended practices are listed below:

  • Whenever possible, use electronic systems to create, collect, use, and manage information resources.
  • Follow institutional naming conventions when identifying, filing, and storing information resources.
  • File or save records information resources in a repository (e.g. managed shared drive, filing system, or electronic records management system).
  • Preserve the integrity and value of information resources of business value by keeping the structure, context, and content intact to facilitate future searching and use.
  • Respect information security and privacy requirements.
  • Respect official languages policies and guidelines.

Structure, context, and content

An information resource's structure (format and links to other documents or attachments), its context (information about the sender, recipient or recipients, and the time and date of creation), and its content (identified in the subject line) represent key metadata elements–often referred to as "profile fields"– that preserve the value of the information resource in any medium, provided the elements remain intact. Failing to complete this information or removing or separating the associations of any one of these elements from an information resource compromises its authenticity, usefulness, and reliability.

Speak to your IM specialists to obtain more detailed advice on how you can put these practices to work in your own organization.

Organize your information

It is recommended that you organize your information in a logical and systematic way so that it's easy to find and share. Where possible, use standards, rules, and procedures established or adopted by your institution. For example:

  • Organize all information resources according to your institution's classification system or taxonomies.
  • Develop the folder structure for your email program so that it mirrors that of your shared drive so that information resources are stored consistently across your organization.
  • Organize all published material according to the classification system of your institution's library.

Information that is well organized will help you to work better and also supports your need to respond efficiently and effectively to requests regarding access to information, privacy, and legal discovery. Classification systems are designed to manage information resources according to their business value, ensuring their proper retention and disposition.

For more information, see the "Manage Information Based on its Value" section.

The system you use to manage the information you work with will depend on the standards and tools available in your institution. Consult your IM specialists for more information or advice.

Reuse and share information

Once you have organized your information resources, you will be able to quickly find and reuse them to make work life easier for you and others. While using and sharing information, please consider the following business rules:

  • Comply with privacy, security, and legal restrictions.
  • Whenever possible, use electronic media to share information resources (business systems, email, shared drives, repositories, websites, and so on).
  • Ensure that information remains complete, accurate, current, relevant, and understandable.
  • Verify the accuracy and reliability of information, especially when conducting Web-related research.
  • Implement version control protocols when editing electronic documents.
  • Take advantage of institutional investments in information resources (magazine and journal subscriptions, databases, content management systems, online library services, and so on), while respecting copyright, licensing, and intellectual property rights.
  • When retaining information that has been copied, indicate the source (and locator information), whether it is from an information resource already saved in a repository, from a publication, or from a website.

Managing information to the way you work has many advantages. It saves you time and enables you to share information with others, reducing the duplication of effort and improving service delivery.

If you notice ways that these practices can help your organization to be more effective, communicate them to your manager. As always, your IM specialists are available to provide you with the advice you need.

Maintain and protect information

While protecting information includes guarding against unauthorized access, disclosure, or destruction, it also involves preserving the integrity and authenticity of the information. To accomplish this it is recommended that you do the following:

  • Store all information in a manner that preserves its form and status, keeping its structure, context, and content intact.
  • Protect information against loss, damage, unauthorized access, alteration, or destruction. This includes informing contractors of their responsibility to protect information that has been entrusted to them.
  • Mark each information resource according to its proper security classification, either on the paper document or in the appropriate metadata field in the electronic document profile. Avoid applying a label at higher or lower security level than it deserves.
  • Protect classified and protected information by ensuring it isn't left in waste or recycle containers and by storing it in locked desks or cabinets after work hours and during extended periods of absence.
  • Store classified information (up to and including "secret") in approved locked cabinets. Only store it on open shelves if the room has been constructed according to the Secure Room "B" standards of the Royal Canadian Mounted Police.
  • Avoid sending or storing any information above the security level for which your institutional network has been rated (normally Protected A or B).
  • Avoid populating fields or subject lines with personal information or with words that imply the disclosure of personal details or legal or disciplinary actions against an individual, unless this relates to your main line of business (i.e. security).
  • Implement effective access control procedures, ensuring that classified and protected information is only made available on a need-to-know basis to those who are authorized to access it. A security clearance does not automatically provide someone the right to see all information.

By taking these steps, we not only ensure access to the most reliable information today; we also preserve the value of information for future generations of Canadians.

If you notice areas that need improvement or think you need more help, speak to your manager. Then, contact your IM specialists, your security office representatives, or both to help you implement these practices.

To learn more about protecting GC information, see the "Safeguard and Protect Information" section.

Transfer or destroy the right information at the right time

Not all information has the same value. While some will need to be kept long-term to support your institution's operational needs or to preserve information of enduring value, other information can be disposed of when it has outlived its usefulness.

To ensure that you are always working with relevant and reliable information, it is recommended you do the following:

  • regularly destroy transitory records when they are no longer needed, complying with your institution's IM and security procedures; and
  • cooperate with information specialists to properly transfer digital or paper copies of information resources of business value through the Library and Archives Canada regulations and disposition authorities.

Applying these practices will make it much easier to quickly access the information you really need and will help to reduce storage and maintenance costs. However, please follow the guidelines of your institution, the GC, or both, as strict rules govern the disposal of government information.

For more information, see the sections "Manage Information Based on Its Value" and "Safeguard and Protect Information."

If you see the need to dispose of information in your area, speak to your manager and consult with the appropriate IM specialist (e.g. the records or library IM specialist). For more information, see the "Where You Can Find More Help" section.

Manage Information Based on Its Value

Generally, as you go about your normal business activities each day, you generate and collect paper and electronic information resources. These information resources provide an important record of the actions you've taken, the decisions you've made, and the reasons for both, allowing for transparency and accountability.

Because of their value, it is vital that you ensure that such information resources exist for all of your business activities and decisions, whether they are generated naturally in the execution of a business process or specifically created to document that process. This requirement comes from the Directive on Information Management Roles and Responsibilities.

In order to ensure the ongoing value of these information resources of business value, capture them along with any relevant metadata (e.g. subject, author, transmittal data) to ensure that they are complete, authentic, and reliable. Retain information resources of business value in accordance with institutional records management standards and procedures, stored or profiled within a repository, if available, and protected against damage and loss.

For more information, see the section on "Managing Information–In Practice." Your IM specialists can also provide extensive advice and support.

Document your business activities and decisions

The following are examples of the types of information resources that are of business value and which you might create, acquire or collect to document business functions and activities:

  • transactions–orders, receipts, requests, confirmations;
  • interactions between clients, vendors, partners, or other departments and agencies;
  • planning documents–budgets, forecasts, work plans, blueprints (technical or engineering designs), information architecture schematics;
  • reports, policy, briefing notes, memoranda, or other papers supporting business activities–all significant versions (including those that were circulated for comment or that contain comments related to the substance of the content and provide evidence of the document's evolution), the final product, distribution information;
  • meeting documents–agendas, official minutes, records of decision;
  • records of contact with lobbyists (This supports the Lobbying Act that requires designated public office–holders to retain information about contact with lobbyists);
  • committee documents–terms of reference, list of members;
  • requests for information and the responses–emails, form letters or templates used to collect responses, related instructions, completed responses in any format;
  • client records–applications, evaluations, emails, assessments, and so on;
  • records of discussions, deliberations, or any situation related to any of the above that further documents the decisions made along with the logic used; and,
  • information resources which could provide additional information for auditing and monitoring activities and programs.

Keep information for as long as it is needed, then transfer or destroy it

"No government or ministerial record, whether or not it is surplus property of a government institution, shall be disposed of, including by being destroyed, without the written consent of the Librarian and Archivist or of a person to whom the Librarian and Archivist has, in writing, delegated the power to give such consents." Source: Library and Archives of Canada Act, Section 12. (1)

The value of information doesn't only determine how it's used and protected but also when and how you can dispose of it. Many factors, including laws, regulations and information policies, and business needs affect how long information should be kept and what its ultimate outcome will be. For example, some information resources of business value may need to be kept for several years, even decades. Information resources of enduring value will be transferred to Library and Archives Canada (LAC). In compliance with privacy legislation, personal information must be kept for two years after the last administrative use, unless the individual consents to earlier disposal. Still other information, such as transitory records, might only be needed for a very short period of time and can then be destroyed.

Transitory records are those information resources that are required only for a limited time to ensure the completion of a routine action or the preparation of a subsequent record. They do not include records required by government institutions or Ministers to control, support, or document the delivery of programs, to carry out operations, to make decisions, or to account for activities of government. (Source: the LAC Multi-Institutional Disposition Authorities (MIDA) for the Destruction of Transitory Records)

Examples of transitory information resources include the following:

  • working drafts of no particular significance that were never formally circulated;
  • annotated drafts where annotations become part of a subsequent version and do not provide evidence of decisions related to the evolution of the final document;
  • a copy of a document kept for ease of reference or convenience only;
  • information that lacks logical or coherent organization and therefore does not have context;
  • data that has been used for an update process (including batch processing) and that is no longer needed to serve as backup or to support reconstruction of the master file or database;

    Note: Transitory records do not include records of which a portion is used to update a master file or database or records that contain a signature;

    and
  • data that has been extracted, manipulated, sorted, transmitted, or any combination of the above to another location or system while the master file is retained, but only once the process, transmittal, or both has been verified.

Other information that should be deleted when no longer required:

  • casual communications such as invitations to lunch; and
  • personal documents stored on your computer or in your work area.

LAC authorizes the destruction of transitory records when they are no longer required for business purposes. You should consult, however, with your manager and IM specialists to know if there are specific institutional rules in place that provides guidance for transitory records.

Caution!

Transitory records, like all other information resources under the care and control of the institution are subject to Access to Information and Privacy (ATIP) legislation.

An exact copy of any information resources relevant to an ATIP request is made and retained by the ATIP office for the purpose of responding to an access or privacy request. This does not, however, remove the IM requirements of the original. They may not be destroyed during a related access or privacy request proceeding and cannot be modified or deleted until two years after the request has been fully satisfied. They also have to be retained during any legal discovery process relating to the subject of the information resources.

Note: Your personal documents are not under control of the institution and are not subject to ATIP legislation or legal discovery processes. (Examples of personal documents include records accumulated before assuming a federal government position; materials pertaining to an individual's private affairs outside government services; and diaries, journals, or other personal notes prepared for other reasons than carrying on the work of the institution). If, however, you used personal removable devices to transport business related information resources, those information resources on the devices are subject to ATIP or legal discovery processes. Similarly, if you copy or create information resources on your home computer or other personal devices, these information resources are deemed to be under the care and control of the institution and are subject to the acts.

Storage of inactive information resources of business value

When information resources have not been consulted for an extended period of time, they are considered inactive. However, they may not yet have reached the end of their retention period. When this happens, inactive information resources of business value are sometimes transferred to more economical off-site storage facilities until the time comes to finally dispose of them, either by destroying them or transferring them to LAC. While they are in storage, you will still be able to access these information resources, whether for business purposes or to respond to ATIP or legal discovery requests. If you need to arrange for the storage of your inactive information resources, speak to your manager and to your institutional IM specialists.

The retention period is the period of time that information resources should be kept before they can be legally disposed. This period is as follows:

  • established by the business managers in consultation with IM specialists;
  • counted from the last administrative action performed on or using the information resource ; and
  • usually identified in years.

For example, financial records usually have a retention period that ends six fiscal years after the last administrative use.

Penalties for unauthorized destruction

Legislation stipulates that government information resources must be protected against unauthorized destruction.

The Access to Information Act criminalizes the intent to deny a right of access through destruction, mutilation, alteration, falsification, or concealment of a government record as well as directing or counseling an individual to do those things. Individuals who are found guilty could face criminal charges, financial penalties, or both.

Managing Electronic Information and Email

As more and more information is created and transmitted electronically, it's important to recognize that both electronic and paper-based information resources should be managed according to sound information management (IM) principles. Identify, capture, retain, protect, and preserve electronic information (including email and attachments) so that it continues to be available and accessible to support decision making as well as program and service delivery.

Because electronic information is so easy to create and delete, managing it effectively becomes an issue of personal accountability. File current or frequently referenced information in a way that permits efficient and authorized access, while also disposing of transitory information no longer needed.

For more information, see the "Manage Information Based on Its Value" section.

Note: Avoid sending or storing any information above the security level for which your institutional network has been rated (normally Protected A or B).

Organizing information on shared drives

Where there are no established procedures in an institution to manage electronic information or if you have electronic information resources that cannot be managed using the established procedures, your organization's shared drive can be used to store your electronic information resources. It is recommended that you have procedures in place to properly manage it. Name, inventory, and organize the electronic documents according to, or linking to, the institutional classification system if one is in place. Associating electronically stored information with the institutional classification structure facilitates locating and retrieving related information and applying life-cycle management procedures, including planned transfer or deletion. Keep in mind, however, that access to classified and protected material is restricted to authorized employees. Also, when using a shared drive, it is advised that file permissions are set to "read only" to ensure documents are not altered or easily destroyed.

If you don't have an institutional classification structure, your IM specialists can suggest effective alternate methods for organizing your shared drive.

Filing electronic information

The method you use to file information will depend on the policies, procedures and tools available in your organization. Many institutions have deployed the Records, Document and Information Management System (RDIMS) or a comparable electronic business system to capture these information resources. In most cases, these types of systems allow electronic documents, email messages and attachments, digital images, and so on to be filed directly into a repository according to an institutional classification structure. Once filed, they are managed according to established IM and recordkeeping policies, standards, and rules, ensuring their proper retention and disposition. Anyone with authorized access can search for and retrieve these information resources when they're needed.

If your organization doesn't have an electronic records and document management system or repository(ies), speak to your manager and consult with the appropriate specialist (e.g. the records or library functional specialist) to find out more about your internal policies on filing electronic information. For more information, see the "Where You Can Find More Help" section.

What about email messages?

Emails can also be of business value

Email messages that pertain to GC business are considered information resources of business value which are to be retained and managed accordingly, along with any attachments or metadata that contribute to their structure, context, and content. For more information, see the section on "Filing electronic information."

Generally, the originator of an email message will be responsible for retaining and filing the message (along with attachments). Sometimes, however, emails will be received from private citizens or from people in other government institutions who don't have access to the institutional filing system. In these cases, seek advice from your manager or IM specialists about who has the responsibility to retain and file the message.

File your email messages

Properly file email messages and attachments. It is not recommended to store them indefinitely in your email application or on your hard drive because it does not allow the messages to be incorporated into the institution's repository(ies). Nor should you simply rely on LAN backup tapes to store your email records. Information stored on backup tapes is not identified, organized, or inventoried to facilitate access and retrieval or timely disposition. Additionally, there is no mechanism to ensure the information is current, relevant, or accurate, and you have no control over how long backup tapes are retained. The volume and random nature of information on backup tapes makes retrieval laborious and imprecise. Therefore, it is recommended to follow the procedures outlined in the section on "Filing electronic information."

A word about wikis, blogs, and collaborative spaces

Records are created in all media through any application

Collaborative environments created or used by a federal institution to conduct business-related activities with either internal or external audiences are advised to have business rules and codes of conduct established for participants. The information contained in these environments comprise information resources that are subject to Access to Information and Privacy (ATIP) requests. Respecting to the extent possible the recommendations in this guideline, will enhance IM in collaborative environments.

Employees may contribute to externally hosted sites for social networking or collaborative activities. The information contained on these sites may or may not be considered information resources of business value but may nonetheless be subject to federal or provincial access to information legislation. In this light, it is worth remembering the following:

  • Under the Values and Ethics Code for the Public Service, public service employees are required to act at all times in such a way as to uphold the public trust and to perform their duties and arrange their private affairs such that public confidence and trust in the integrity, objectivity, and impartiality of government are conserved and enhanced; and,
  • The Communication Policy, Section 20, stipulates that only ministers and designated spokespersons who receive appropriate instruction may represent the institution.

The Guideline for the acceptable use of wikis and blogs within the Government of Canada provides practical advice and guidance on the acceptable use of wikis and blogs within the Government of Canada in the context of relevant policies and legislation.

Safeguard and Protect Information

All government information resources require some level of protection. There is a particular need, however, to properly mark and adequately protect and secure classified and protected information, in all media, as its compromise could bring injury to individuals or to the national interest as a whole.

Classified information

Classified information relates to the national interest. It concerns the defence and maintenance of the social, political, and economic stability of Canada. There are three levels of classified information:

Top secret: A very limited amount of compromised information could cause exceptionally grave injury to the national interest.

Secret: Compromise could cause serious injury to the national interest.

Confidential: Compromise could cause limited injury to the national interest.

Protected information

Protected information refers to specific provisions of the Access to Information Act and the Privacy Act and applies to sensitive personal, private, and business information.

Protected C: Compromise of a very limited amount of information could result in exceptionally grave injury, such as loss of life.

Protected B: Compromise could result in grave injury, such as loss of reputation or competitive advantage.

Protected A: Compromise could result in limited injury.

Note: Avoid sending or storing any information above the security level for which your institutional network has been rated (normally Protected A or B).

For more information, consult your institution's security policy. Inform your manager of any issues requiring attention. You can also contact the IM specialists and your security office representative for advice on managing security-classified, i.e. protected or classified, information.

Recognize information resources that require formal protection

Learn to recognize other categories of information resources that require formal protection. Some examples are as follows:

  • information resources received in confidence from other governments and organizations–these information resources should be marked as "received in confidence," indicating the source before being distributed to other institutions;
  • information resources obtained or prepared by a federal investigative body, which assigns the appropriate level of protection–institutions receiving these information resources should give equivalent protection, after consultation with the investigative body;
  • Cabinet confidences, including information resources prepared to inform or obtain decisions from the Queen's Privy Council of Canada or information resources that reflect Council communications, discussions, deliberations, or decisions–for more information, see the Policy on the Security of Cabinet Confidences, April 2007;
  • personal information, which is information about an identifiable individual that is recorded in any form, including information about an individual's race, age, personal address, or medical history–the Privacy Act imposes legal controls on the collection, use, retention, disclosure, and disposal of personal information;
  • commercial or private business information, which includes trade secrets, confidential information supplied by a third party in confidence, information that could result in financial loss or prejudice someone's competitive position, and information that could interfere with contractual or other negotiations of a third party; and
  • advice relating to internal decision making that could interfere with institutional operations if disclosed.

For more information on safeguarding information resources during transport or transmittal, please refer to the Operational Security Standard on Physical Security.

For more information, refer to the complete set of TBS security policies and publications. In addition, consult your organization's security manual to confirm the specific procedures that apply within your work environment, or contact your security office representative.

Job Change Can Affect Information Management Practices

In today's work environment, it's not unusual for employees to change jobs quite often during their career. This trend can actually have a significant effect on how well we manage our information resources.

When leaving a job

When leaving your job, good information management (IM) practices as outlined below ensure that your colleagues can continue to access and manage the information and resources they need to do their jobs well. Regular attention to these activities (rather than waiting until you leave) will also help to minimize the stress often associated with a job change. It is recommended that you:

  • Follow the internal policies for administrative closure for your business processes and discuss your responsibilities with your manager when leaving a job.
  • Provide pertinent information about everything you leave for your successor, explaining why it will be needed.
  • Remove all information resources not related to institutional business from any shared and personal drives.
  • Transcribe any business-related information contained in diaries, notebooks, or black books and place it into the repository.
  • Properly destroy or delete all transitory records, remembering that they cannot be destroyed during a related access or privacy request or legal discovery proceeding and cannot be modified or deleted until two years after the request has been fully satisfied.
  • Ensure that information resources of business value, in all media, are organized and filed according to the policies, standards, and procedures established or adopted by your institution so that the information continues to be accessible to other employees. Consult your manager and IM specialists to confirm the procedures in your organization. For more information, see the sections on "Managing Electronic Information and Email," and "Filing electronic records."
  • Consult your IM specialists to ensure that files in your custody are transferred to the custody of another employee or to the appropriate repository.
  • Create a list of job-related website addresses, a summary of ongoing projects and related contact information, and an inventory of information resources (including file or locator numbers) that will help your successor make the transition to his or her new job.
  • Return material that has been borrowed from the library or records office.
  • Cancel or forward subscriptions.
  • Remove your name from distribution lists.

Contact your IM specialists for any supporting advice or assistance. For more information, see the "Where You Can Find More Help" section.

When starting a new job

Starting a new job provides you with an ideal opportunity to establish good practices for managing government information resources right from the start. The following are some recommended examples:

  • See if any electronic and paper information resources of business value have been transferred to your custody. Speak to your IM specialists to find out if there is a list of these that can be provided to you.
  • Take note of any instructions or messages you receive regarding access to electronic tools such as a shared drive, business system or repository(ies).
  • Familiarize yourself with your IM responsibilities and practices by reviewing the information in this guide. Also, take advantage of any IM and recordkeeping awareness and training sessions that may be available. Contact your manager and IM specialists to obtain more information.

IM specialists are available to help you make the transition to your new job.

Where You Can Find More Help

This guide has been designed to provide a basic overview of the guidelines and practices associated with managing information within the GC. It does not, however, contain specific procedures for your particular work environment. Therefore, we encourage you to contact the following experts to confirm the information and records management responsibilities, procedures, and work tools that apply within your organization.

The experts

Information management (IM) specialists*, in IM policy, records offices, the library, forms management, and mail services, are available to answer your IM questions. They can help you plan your information needs, determine the best way to organize the information you work with, learn how long to keep information, and find out what can be deleted or destroyed, along with many other important IM practices.

Your IM specialists also provide training on the use of various IM tools, and procedures, including document management, records and information management systems, classification structures, and library reference and research instruments.

*Note: Members of this group (along with the ATIP specialists and others) are called "IM functional specialists" in the Directive on Information Management Roles and Responsibilities, where their responsibilities are defined.

The Access to Information and Access to Privacy (ATIP) office advises on requests received under the Access to Information Act or the Privacy Act, Privacy Impact Assessments, Info Source updates, and privacy issues (collection, use, disclosure, protection, retention, and disposal of personal information).

Security office representatives can help you understand the requirements pertaining to security classification, business continuity planning, and public key infrastructure (PKI).

Official languages office staff outline language requirements for distributing information to internal and external audiences.

The communications, public relations, or public affairs office can help you communicate effectively with the public, such as how to acknowledge receipt of a letter from the public.

The system administrator or help desk helps you to troubleshoot problems with software for electronic information management systems.

Legal services offers interpretation and advice pertaining to all legal matters, including ATIP and contract matters.

The knowledge resources


Appendix A

Definitions

Note: This glossary forms an appendix to all information management guidelines and will be continuously updated as guidelines are developed.

Term

Definition

Source

access to information (accès à l'information)

Provides a right of access to information in records under the control of a government institution on the principles that government information should be available to the public, that necessary exceptions to the right of access should be limited and specific, and that decisions on the disclosure of government information should be reviewed independently of government.

Access to Information Act, subsection 2(1)

department (ministère)

See "federal government institution".

 

disposition authorities(Autorisations de disposer)

Disposition authorities are the instruments that enable government institutions to dispose of records which no longer have operational value, either by permitting their destruction (at the discretion of institutions), by requiring their transfer to Library and Archives of Canada, or by agreeing to their alienation from the control of the Government of Canada.

Directive on Recordkeeping

essential record (document essentiel)

A record essential to continuing or re-establishing critical institutional functions.

Policy on Information Management

federal government institution (institution fédérale)

In the context of the Framework for the Management of Information (FMI) in the Government of Canada, a statutory department, agency, or corporation as defined in Schedules I, I.1, and II of the Financial Administration Act (FAA) .

Note: All other public institutions subject to the FAA and the Access to Information Act are encouraged to apply the policies, standards, and guidelines of the FMI.

Management of Information (FMI)

functional specialist (spécialiste fonctionnel)

An employee who carries out a role and responsibilities that require function-specific knowledge, skills, and attributes, such as in one of the following priority areas: finance, human resources, internal audit, procurement, materiel management, real property, or information management

Policy on Information Management

information architecture (architecture d'information)

The structure of the information components of an enterprise, their interrelationships, and the principles and guidelines governing their design and evolution over time.

Information architecture enables the sharing, reuse, horizontal aggregation, and analysis of information.

Policy on Information Management

information life cycle (cycle de vie de l'information)

The life cycle of information management encompasses the following: planning; the collection, creation, receipt, and capture of information; its organization, use, and dissemination; its maintenance, protection, and preservation; its disposition; and evaluation.

Directive on Information Management Roles and Responsibilities

information management (gestion de l'information)

A discipline that directs and supports effective and efficient management of information in an organization, from planning and systems development to disposal or long-term preservation.

Policy on Information Management

information management functional specialist (spécialiste fonctionnel en gestion de l'information)

An employee who carries out roles and responsibilities that require function-specific knowledge, skills and attributes related to managing information such as those found in records and document management, library services, archiving, data management, content management, business intelligence and decision support, information access, information protection and information privacy.

The roles and responsibilities of information management functional specialists support departmental objectives and programs with planning, tools or services which provide accurate, reliable, current, and complete information to the appropriate people, in the appropriate format, at the appropriate time.

Directive on Information Management Roles and Responsibilities

information resources (ressources documentaries)

Any documentary material produced in published and unpublished form regardless of communications source, information format, production mode or recording medium. Information resources include textual records (memos, reports, invoices, contracts, etc.), electronic records (e-mails, databases, internet, intranet, data etc.), new communication media (instant messages, wikis, blogs, podcasts, etc.), publications (reports, books, magazines), films, sound recordings, photographs, documentary art, graphics, maps, and artefacts.

Directive on Recordkeeping

information resources of business value (ressources documentaires à valeur opérationnelle)

Are published and unpublished materials, regardless of medium or form that are created or acquired because they enable and document decision-making in support of programs, services and ongoing operations, and support departmental reporting, performance and accountability requirements.

Library and Archives Canada: Business Value - Concepts

publication (publication)

Any library matter that is made available in multiple copies or at multiple locations, whether without charge or otherwise, to the public generally or to qualifying members of the public by subscription or otherwise.

Publications may be made available through any medium and may be in any form, including printed material, online items, or recordings.

Policy on Information Management

record (document)

Records are information created, received, and maintained by an organization or person for business purposes, legal obligations, or both, regardless of medium or form.

Directive on Recordkeeping

recordkeeping (tenue des documents)

A framework of accountability and stewardship in which records are created, captured, and managed as a vital business asset and knowledge resource to support effective decision making and, within the GC, achieve results for Canadians.

Policy on Information Management

repository(ies) (dépôt(s))

A repository is a preservation environment for information resources of business value. It includes specified physical or electronic storage space and the associated infrastructure required for its maintenance. Business rules for the management of the information resources captured in a repository(ies) need to be established, and there must be sufficient control for the resources to be authentic, reliable, accessible and usable on a continuing basis.

Directive on Recordkeeping

Records, Document and Information Management System (RDIMS) (Le Système de gestion des dossiers, des documents et de l'information (SGDDI))

An electronic enterprise records and document management solution that increases efficiency in organizing, structuring and sharing information in a corporate repository. RDIMS gives departments and agencies the ability to manage the information life cycle and fulfill their Information Management policy obligations.

Public Works and Government Services Canada – Information Technology Services – Product Catalogue

retention period (délais de conservation)

The period of time information resources are kept before they can be legally disposed. This period is negotiated between business managers and IM specialists, counted from the final action performed on or with the record, and usually identified in years. For example, financial records usually have a retention period that ends six fiscal years after the final action.

A Guideline for Employees of the Government of Canada: Information Management Basics

senior executive (Cadre supérieur)

An executive-level manager designated by the deputy head of the institution to provide a department-wide focus on the management of information

Directive on Information Management Roles and Responsibilities