Skip to content.
|Networking government in New Zealand.

Custodianship

Standard: Physical custodian agreement

The Business Custodian for an agency will put in place and monitor explicit directives or agreements with the Physical Custodian(s) for managing data and document stores.

Supports Policies: Custodianship

Scope and Interpretation

The purpose of the agreement is to make the expectations of the Business Custodian explicit to the Physical Custodian, and to ensure that any misunderstandings, in particular relating to technology, are resolved. It should allow each agency to confidently report that its data and document assets are being well managed and that services can be audited against a specific agreement.

Where the physical custodian is an external service provider, the agreement will be part of a formal service contract. If the agency has an internal information technology group it will be an internal agreement between the business and technology areas. An agency may have datasets in the custody of different physical custodians. There must be agreements between the Business Custodian and each Physical Custodian.

In some agencies the roles of Business and Physical Custodians may fall to the same person for some categories of data or documents (see Policies: Access rulesand related table Indicative Categories of Data and Access rules). In these cases the agreement will take the form of a clear definition of each role and the responsibilities involved.

As well as requirements specific to the agency, the following must be covered in the agreement:

  • Adherence to these policies and standards, agency specific extensions, and any specific legal requirements

  • Maintenance of equipment and system software required to access and maintain data or documents

  • Maintenance of application software required to access and maintain data or documents if applicable

  • Maintenance of the physical environment where equipment or physical media are stored to the required standard

  • Ability to connect data and document stores to a government wide standards based technology infrastructure

  • Enforcement of data and document security rules

  • Explicit backup, off-line storage, and restoration provisions

  • Explicit disaster recovery plans

  • Maintenance of a current data catalogue for each operational system if required by the Business Custodian

  • Maintenance of system documentation

  • Readiness to be audited at any time on a request from the Business Custodian

  • Management of the physical aspects of data or document conversion, or of reformatting as required by the Business Custodian

  • Proper separation of the production environment from any other and adequate migration procedures between them

  • Transmission and transportation of data either via electronic interface or secure physical media

  • Regular performance reporting

Rationale

Explicit agreements are necessary so that both parties have clear common understanding of what is required.


[ Previous | Next ]