The global skills and competency framework for the digital world

Information and records management

Separation of  Records Management from  Information Management | Reorientation of Personal Data Protection to Information and Data Compliance.

Summary of changes

  • The significant change from SFIA 8 to SFIA 9 is the separation of  Records Management RMGT from  Information Management IRMG and the reorientation of Personal Data Protection to the more generic Information and Data Compliance PEDP.
  • These changes provide more specific and focused skill definitions, to support can lead to better alignment with organisational needs and job roles.
  • The separation of Records Management from Information Management allows for a more specialised focus on the specific requirements and practices of managing records, which can be particularly important for regulatory compliance and legal purposes. This change recognizes the distinct nature of records management within the broader field of information management.
  • The shift from Personal Data Protection to Information and Data Compliance broadens the scope of the skill to encompass a wider range of compliance issues beyond just personal data. This change reflects the growing importance of data governance and compliance across various types of information and regulatory frameworks.
  • These changes benefit organisations by providing a more granular and accurate representation of the skills needed in contemporary information and data management roles.

Information Management (IRMG)

Value and impact

Information management enables the effective management and use of information assets, which include digital documents, printed material, emails, and websites. By ensuring that information is organised, controlled, and accessible, organisations can support better decision-making, enhance operational efficiency, and maintain compliance with regulatory requirements. Proper information management also mitigates risks associated with data breaches and loss of information.

Illustrative examples

  • Classification and cataloguing: Organising and categorising information assets to ensure they can be easily discovered and retrieved when needed.
  • Governance and policy development: Developing and promoting strategies and policies for the design of information architectures and taxonomies, ensuring consistency and compliance.
  • Supporting decision-making: Providing routine searches for non-sensitive information and supporting users to find and access information based on their needs and approved access.
  • Information control: Identifying risk mitigation measures required in addition to standard organisational measures and implementing controls to ensure information security and compliance.

Records Management (RMGT)

Value and impact

Records management involves the planning, implementation, and management of the entire lifecycle of organisational records. This skill ensures that records are correctly created, maintained, and disposed of, which is critical for compliance with laws and regulations, efficient retrieval of information, and protection against data loss. Effective records management supports decision-making, enhances transparency, and reduces operational risks by maintaining accurate and accessible records.

Illustrative examples

  • Compliance with legal obligations: Ensuring that records of financial transactions and communications are retained for the legally required period and disposed of appropriately after that period.
  • Document retention and disposal: Implementing a systematic process for archiving digital and physical records and securely destroying them when they are no longer needed.
  • Metadata and classification standards: Using systems of cataloguing, metadata, indexing, and classification standards to organise records, making them easier to locate and manage.
  • Supporting audits and investigations: Conducting searches for records to comply with internal or external audit requests or investigations.

Information and Data Compliance (PEDP)

Value and impact

Information and data compliance involves implementing and promoting adherence to information and data management legislation, including data protection laws like GDPR. This skill ensures that organisations handle personal data responsibly, design privacy-friendly systems, and mitigate risks associated with data breaches. Compliance is crucial for maintaining customer trust, avoiding legal penalties, and protecting organisational reputation.

Illustrative examples

  • Policy and standards implementation: Supporting the implementation of policies, standards, and guidelines related to information and data legislation, and monitoring effective controls.
  • Risk identification and remediation: Identifying risks around the use of information and data subject to specific legislation and recommending remediation actions.
  • Privacy by design: Designing products, services, and systems that respect customer privacy and embed data protection principles from the outset.
  • Incident response: Responding to data breaches and incidents, performing impact assessments, and following legislative developments to ensure ongoing compliance.