Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Establish the organisational context
   • Identify and document legislative and regulatory requirements for the organisation.
   • Analyse legislation for any information management security implications and document outcomes.
   • Review organisational purpose and function for compliance requirements.
   • Analyse broad social context in which the organisation operates to determine community expectations.
2. Determine the principal areas of risk requiring information strategy
   • Review and update existing risk analyses.
   • Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.
   • Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.
3. Determine the information system requirements for each business function
   • Analyse risks, liabilities and regulatory requirements.
   • Document and communicate identified requirements as evidence to be captured as records.
   • Formulate information system specifications from the evidence requirements.
   • Determine information security requirements.
   • Determine specifications for information systems security measures.
4. Establish information systems framework for organisation
   • Develop and communicate an overview of responsibilities for information management within the organisation.
   • Define responsibilities and authorities in relation to regulatory requirements.
   • Define information management responsibilities and rights for each business function.
   • Integrate identified risks and liabilities managed by information systems.
   • Define, assign and document levels of accountability and responsibility within the framework.
   • Formulate and document security procedures for information systems.
5. Obtain approval for framework
   • Communicate completed and documented framework for review and endorsement.
   • Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.
6. Establish the organisational context
   • Identify and document legislative and regulatory requirements for the organisation.
   • Analyse legislation for any information management security implications and document outcomes.
   • Review organisational purpose and function for compliance requirements.
   • Analyse broad social context in which the organisation operates to determine community expectations.
7. Determine the principal areas of risk requiring information strategy
   • Review and update existing risk analyses.
   • Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.
   • Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.
8. Determine the information system requirements for each business function
   • Analyse risks, liabilities and regulatory requirements.
   • Document and communicate identified requirements as evidence to be captured as records.
   • Formulate information system specifications from the evidence requirements.
   • Determine information security requirements.
   • Determine specifications for information systems security measures.
9. Establish information systems framework for organisation
   • Develop and communicate an overview of responsibilities for information management within the organisation.
   • Define responsibilities and authorities in relation to regulatory requirements.
   • Define information management responsibilities and rights for each business function.
   • Integrate identified risks and liabilities managed by information systems.
   • Define, assign and document levels of accountability and responsibility within the framework.
   • Formulate and document security procedures for information systems.
10. Obtain approval for framework
    • Communicate completed and documented framework for review and endorsement.
    • Establish review process and assign appropriate persons with maintaining the currency of the organisation’s information systems framework.

Performance Evidence

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.

applying legislation, regulations and policies relating to government information systems security

analysing process functions and problems

preparing, compiling and writing complex documents and reports

communicating complex relationships and processes effectively to users and management

documenting complex relationships and processes

identifying and viewing component parts as integral elements of the whole system

reading and interpreting mathematical concepts and values embedded in specifications and complex technical documentation

analysing and interpreting legal, regulatory and security requirements and organisation policies and procedures

analysing and synthesising documentation, verbally delivered information, and observed behaviours

consulting with diverse stakeholders to elicit relevant information for analysis

---

Knowledge Evidence

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.

Operational knowledge of:

legislation, regulations, policies, procedures and guidelines relating to government information system security

equal employment opportunity, equity and diversity principles

public sector legislation in the context of government information systems security

sources of information about jurisdictional requirements for information systems

equal employment opportunity, equity and diversity principles

public sector legislation, including WHS and environment, in the context of government information systems security

requires comprehensive knowledge of functions and structures in the organisation

policies and strategies that apply across the jurisdiction

information management principles and processes

information security requirements

---