This chapter addresses the roles, responsibilities and competencies needed to manage information for international development, particularly in connection with measuring the Sustainable Development Goals (SDGs) reliably. We specifically focus on the management of records, which are information carriers and can contain or be used to create data and statistics. However, our approach can equally be applied to the management of data, statistics and information more generally.

Quality information for international development

An important theme running through the chapters in this volume is the role of records as evidence for accountability and transparency in civil society and for organisational decision-making. Information, data and records are crucially valuable for both national and international development generally, and for achieving the UN SDGs in particular. The ability to share information is of paramount importance for sustainable development in all areas.¹ Indeed, the importance of information is stressed in many of the SDGs. For example, SDG 16.10 specifically advocates ensuring public access to information. Information is also recognised as being vital to reviewing progress in implementing the SDGs and targets and is embedded in the UN Sustainable Development Agenda: ‘Quality, accessible, timely and reliable disaggregated data will be needed to help with the measurement of progress and to ensure that no one is left behind. Such data is key to decision-making. Data and information from existing reporting mechanisms should be used where possible.’² Records document reporting mechanisms and other organisational processes. However, to realise the value and the role of records and the data they contain, records need to be managed effectively.

One of the significant challenges of managing digital information in the context of supporting international development is the quality of information and, therefore, the quality of data, records and statistics. Quality information is an essential requirement. If we make decisions, develop strategies or policies based on poor quality information then, at best, they will be flawed or inadequate, at worst, catastrophic. This is explicit in the SDGs. For example, SDG 14.5 states that the conservation of coastal and marine areas will ‘be consistent with national and international law and based on the best available scientific information’. To take another example, SDG 12.6 refers to sustainable consumption and production patterns and encourages companies to ‘adopt sustainable practices and to integrate sustainability information into their reporting cycle’.

But what is quality information? Scholars who have studied information quality have approached the question by developing sets of attributes, or criteria, that information should have (or should meet) for it to be quality information. For instance, Miller identified ten attributes of quality information as: relevance, accuracy, timeliness, completeness, coherence, format, accessibility, compatibility (with other information so that it can be combined), security and validity.³ Validity, Miller said, was ‘resultant rather than a causal dimension of information quality’. The ten attributes reflect four dimensions of information or data quality that are important to data users. Wang and Strong refer to these as:

The last two dimensions emphasise the importance of the role of systems in supporting information quality. In other words, and slightly rewriting the authors, ‘high-quality information [data] should be intrinsically good, contextually appropriate for the task, clearly represented, and accessible to the [data] consumer’.⁵ Information that lacks some of these attributes has resulted in flawed decision-making that has been identified as a contributory cause of major disasters.⁶ Quality information is not necessarily ‘perfect’ information but is rather the best quality we can have in the particular context or circumstances. It is vital for all stakeholders, including information creators, managers and users, to be discerning. They should adopt a degree of scepticism and evaluation, seek to evaluate the risks involved and question the degree of trust that can be placed in information when using it to underpin decision-making and action. Foster et al. suggest an approach to information governance that helps to balance risk and value by asking questions about people, processes and value.⁷ They identify organisational conditions such as ICT infrastructure, capability and culture and, at a micro level, structural, procedural and relational (which includes education and training) conditions that will support better information governance.⁸

Delivering information quality comes from good design of systems and processes together with good governance, including policy, standards and the audit of those systems and processes. International standards provide guidance on the design and operation of effective information systems, for instance standards on data quality and its management (ISO 8000 series) and on the management of records (to protect their characteristics of authority, authenticity, reliability, integrity and usability – ISO 15489:2016; ISO 30300:2020; ISO 30301:2019).⁹

Delivering quality information requires not only system capability and financial resources, but also human capacity. Human capacity covers three main groups of people. The first group comprises what we might broadly call the information professionals – those with direct responsibility for managing the quality of information, including information managers, records managers and those with responsibility for delivering the infrastructure that supports the management of information, such as processes and context for information security, data protection, information and communication technologies. ISO 30301:2019 identifies the people responsible for implementing management systems for records as including ‘professionals in the areas of risk management, auditing, records, information technology and information security’.¹⁰ The second group comprises senior managers within the organisation who make decisions, determine policies and provide resources that affect the ability of the information professionals to work effectively.

The third group comprises information users. The users may be internal to the organisation, both at operational and strategic levels, including, for instance support functions such as HR and finance, as well as specialists in particular operational areas and statisticians. They also include users external to the organisation. In the context of international development, external users can include policy-makers, governments, citizens, advocacy groups, third sector and charitable organisations and independent oversight authorities.

The first group, professionals concerned with ensuring information quality, are people with the knowledge and skills needed to ensure that data, records and information are managed from creation through to destruction or preservation and remain accessible and useable. Foster et al. identify groups of professionals who are critical to data work as including ‘IT professionals, legal specialists, risk and security professionals, health and business users, along with data and information professionals’.¹¹ This group also includes data scientists and statisticians, who have the analytical knowledge and skills needed to design algorithms, analyse, link, extract, visualise and present data for the users.

This first group needs the support of the second key group – senior managers – or those ‘who make decisions regarding the establishment and implementation of management systems within their organisation’,¹² who are in a position to advocate high-quality and effectively managed information, as highlighted in ISO 30301:2019. Managers provide the contextual infrastructure that is essential for the work of information professionals, the necessary resources, and the communication and policy systems that enable the creation, management and use of data and information, both internally and externally. Senior managers are also information users.

The third group comprises data and information users, who need to be satisfied with the quality of the data or information and aware of their own role in assessing quality. This involves being able to trust the systems and organisations that provide the information.¹³ Information users need to ask questions about how the information was produced. Their judgement about the reliability and quality of the information involves assessing the risks involved. For instance, if the information is based on an analysis of data or statistics, then the analytical methods, approaches to data linkages, models or algorithms must be transparent so that they can be understood clearly. Increasingly, researchers are seeking to develop models and approaches for Human Explainable Artificial Intelligence, which should make it easier to understand algorithms and to improve transparency and accountability.¹⁴

A senior manager or decision-maker is unlikely to fully understand all the questions that need to be asked in order to have full confidence in the reliability and quality of the information in order to trust it. Judgement about information quality involves assessing the risks involved. There is a need to adopt a risk-based approach, much as a statistician does in presenting the results of a statistical analysis with a greater or lesser ‘degree of confidence’. It is also important to realise that quality information for one person may not be perceived as quality information by another.¹⁵ Users’ needs are different, may change through time or may depend on the particular context.

It is clear that decisions and actions are only as good as the information on which they are based. A balanced approach to managing quality information requires skilled records and data management professionals, supported by managers who advocate systems for quality information management. It also demands discernment on the part of users in assessing and trusting the quality of the information they use.

Key players in records management, their roles and responsibilities

Managing records is not just the remit of a specialist group of information professionals; rather it is a shared responsibility of multiple players who fall into the three groups outlined above. The first group (information professionals) includes records professionals, legal and information technology professionals. The second group comprises managers (including leaders and senior managers, as well as project and programme managers) who enable the work of the information professionals. The third group (the users) includes all organisational personnel and staff, together with external stakeholders, including contractors, with whom business processes and records are shared.¹⁶ This section identifies the respective responsibilities of these three groups of players for managing records and information for development.

Group 1: professionals with the necessary technical skills and qualifications (such as records, IT) to ensure information quality

Organisations need to focus on making professionals aware of how their knowledge, professional skills and information competencies can be used effectively to support sustainable development. ISO 30301:2019 sets out the broad operational responsibilities to be carried out by ‘a specific records operational representative who shall have a defined role, responsibility and authority’ that includes ‘implementing the M[anagement] S[ystem for] R[ecords] at the operational level, reporting to the top management on the effectiveness of the MSR for review, including recommendations for improvement, and establishing liaison with external parties on matters relating to the MSR’.¹⁷

Group 2: managers (senior, programme, functional) who enable or facilitate the work of the professionals

Managers need to understand the importance of managing records, the impact of their decisions on the organisation’s capacity to manage and protect records’ quality and the implications for decision-making and actions in a development context. ISO 30301 recommends that ‘top management shall ensure the responsibilities and authorities for relevant roles are assigned and communicated within the organization’ and that those responsibilities ‘shall be appropriately allocated to all personnel at relevant functions and levels within the organization … who create and control records as part of their work’, to support and enable the work of those professionals.¹⁸ In particular, ‘they shall assign the responsibility and authority for: a) ensuring that the MSR conforms with the requirements of this document and b) reporting on the performance of the MSR to top management’.¹⁹

Group 3: all other stakeholders and users of the information, inside and outside the organisation

Organisations need to recognise the value of quality information, the contribution that good records and information management makes and the need to be able to access relevant and timely information for development purposes. They need to be able to assess the quality of information and to ensure that it is used appropriately to inform development decision-making, policy, processes and operations. ISO 30301:2019 states that there should be a ‘periodic review of the competencies and training of those personnel’ to ensure that ‘these persons are competent on the basis of appropriate education, training, and experience’. The requirement for managers to ‘take actions to acquire the necessary competence and evaluate the effectiveness of the actions taken’ implies a thorough programme of skills development and training which goes beyond the information professionals and managers.²⁰

The competency of these three groups of key players directly affects an organisation’s capacity for managing its information and records and, as a consequence, its sustainable development capacity.

Capacity for managing records

One of the targets in SDG 17 (strengthen the means of implementation and revitalise the Global Partnership for Sustainable Development) is capacity building (SDG 17.9). The AHRC Network, from which this book emerged, is an example of ‘international support for implementing effective and targeted capacity-building in developing countries to support national plans and implement all the Sustainable Development Goals’.²¹ John McDonald identifies five capacity levels, with Level 1 being the lowest level and least developed capacity, and Level 5 being ‘an ideal state for a country that wants to ensure that data, statistics and records used to measure the SDG indicators are of a high enough quality to measure and implement the goals’.²² These levels, he states:

Inevitably, building capacity for managing records is constrained by the resources available. ISO 30301 states that ‘the organization shall determine and provide the resources needed for establishment, implementation, maintenance and continual improvement of the MSR’, and therefore careful consideration is needed in the context of short-term priorities, longer-term strategy and an assessment of the concomitant risks.²³ However, Level 2 is the minimum capacity level that all organisations should aim to reach. McDonald warns that ‘achieving Level 5 or even Level 4 will be challenging’.²⁴ There may be pockets of good or excellent practice in organisations, but they should strive to reach the best level possible given the resources available in all key functions, in order to minimise risks.

McDonald’s five-level model has resonance with a well-established Information Governance Maturity Model, developed by ARMA International, based on a high-level framework of good practice, the Generally Accepted Recordkeeping Principles (GARP).²⁵ The GARP Information Governance Maturity Model descriptors are used as a benchmark in the section that follows. As that model reflects, as an organisation develops its information governance and management programme, the people involved ‘will likewise progress through a spectrum of increasing competence and effectiveness’, ultimately achieving a transformational and sophisticated skill set.²⁶

This chapter considers, for each of the five capacity levels, the skills and competencies of the three groups of people identified in the previous section: the professionals (Group 1), the managers (Group 2) and other stakeholders and users of information (Group 3).

Across all five levels, users and other stakeholders need to be aware of what records exist, how they can be used to support the organisation’s work, and how the quality and value of information for development purposes can be judged. We set out some descriptors and examples of the skills, competencies and knowledge needed by each group at each level. However, we focus mainly on the professionals and the managers, who are the key players most actively involved in ensuring records and information quality. Professionals and managers need to be able to recognise the value of quality records and information and to follow systems that are capable of producing good records and information management if they are to play their role in ensuring the ‘use-value’ of the data they contain for SDGs.

Capacity Level 1

(Poor quality records undermine SDG implementation)

Organisations whose capacity is at Level 1 do produce some statistics for SDGs, but these are unreliable; the systems for managing them are unaccountable and lack transparency. In general, at Level 1, organisations are unwilling or unable to commit resources to records management systems, and they do little or nothing to assure data quality. They therefore take the risk that they will be unable to measure progress towards SDGs. The GARP Information Governance Maturity Model describes this level as ‘Sub-Standard’.²⁷ It is ‘an environment where information governance and recordkeeping concerns are not addressed at all, are addressed minimally or are addressed in an ad hoc manner … programs will not meet legal or regulatory scrutiny and may not effectively serve the business needs of the organisation’.

Group 1: professionals

At this level, the organisation may have no records professionals or, where there are records staff, they lack the knowledge and skills needed to develop a reliable framework of policies, standards, practices and systems for managing records. The information management role is largely non-existent or treated as a purely administrative role without the need for any specialist knowledge. As a result, there is little or no metadata for records; metadata standards are not implemented systematically, and systematic control processes are largely or entirely lacking or unreliable. Version controls are not implemented and information requests cannot be fulfilled. Records are preserved in an ad hoc manner and there are no staff skilled in implementing preservation standards appropriately. Staff lack understanding of basic information security and controlled access processes. Paper records are at risk, although they may survive, but digital records are very likely not to be preserved if there are no staff with digital curation and preservation expertise to implement active preservation strategies. The necessary ICT skills and knowledge are lacking.

Group 2: managers

At this level there is no senior leadership for effective information management. There may be no recordkeeping processes or systems, or they may be ad hoc and undocumented. There is no application of existing standards. Managers fail to provide central oversight or guidance to ensure consistent information practices and lack an awareness of the need for such guidance; they fail to ensure that retention processes are developed and implemented and do not understand the need for timely destruction or preservation of records. Personnel are not trained to document their decisions. Staff are unaware of their responsibilities as information creators and users, and there are no processes or procedures for managing information that needs to be shared with external stakeholders such as contractors, collaborators and citizens.

Group 3: other stakeholders and users

The needs and skills requirements of this group who, whether internal or external to the organisation, should be able to access and use records and data relating to SDGs, are neglected. At this lowest level, awareness of the existence of data and records is completely or almost completely lacking. Records and data are not available or accessible to users and other stakeholders, who generally do not know about relevant information that might help them do their work. They take decisions, make policy and carry out actions without consulting or using records and data. Often they do not have skills in resource discovery or information literacy that would enable them to access and use data. Development of policy and work that takes place in ignorance of relevant records and data is poorly informed, based on irrelevant or poor-quality information, or purely on personal or very localised understanding. Decisions lack transparency and accountability. Decision-making tends to be idiosyncratic and inconsistent across time and space.

The consequences for the organisation of poor, inconsistent or inadequate staff skills and knowledge for managing information are the loss of evidence of activities and actions, and inadequate authoritative, quality and reliable information to underpin decision-making. There is a high level of risk that decisions will be inappropriate or poor. There is a loss of organisational memory for planning and development, and, in the wider context of international development, SDG measurements and implementation are undermined.

Capacity Level 2

(Records enable SDG implementation at a basic level)

At Capacity Level 2, a basic framework of laws, policies, standards, procedures and people is in place to ensure that data and statistics are gathered and analysed to measure the SDGs with some accuracy and reliability. Level 2 is the minimum acceptable level for meeting basic needs for records to support the achievement of SDGs. The GARP Information Governance Maturity Model describes this level as ‘In Development’, ‘an environment where there is a developing recognition that information governance and prudent recordkeeping have an impact … however … its practices are ill-defined, incomplete, nascent, or only marginally effective’.²⁸

Group 1: professionals

At this level, the role of records and information professionals is recognised within the organisation, but staff are only skilled sufficiently to administer existing information programmes. They lack the skills needed to develop policies for managing the records that document processes for collecting and processing data and producing statistics; they lack the expertise needed to manage the complex interrelationships among data, statistics and records, especially those that need to be preserved through time and in digital formats. Emails, reports, logs and other records documenting the design and conduct of data collection cannot be related to records documenting processes for extracting and analysing data and producing statistics. Digital skills lie with ICT staff, who lack understanding of how to apply them to data management and analysis. Holistic approaches needed to ensure that records are managed coherently, and through time, are lacking. Typically, no staff have expertise in digital preservation strategies and approaches. Information practices, such as metadata management, retention scheduling and approved record destruction are applied at best in localised processes and often inconsistently.

Group 2: managers

Senior managers at Level 2 are generally aware of their responsibility for ensuring that data and statistics, with their supporting documentation, are stored properly. However, no control framework is applied universally, and some managers maintain poorly documented records. Managers realise that some degree of transparency and accountability in information asset management is needed, but they are not sufficiently experienced to be able to ensure that this is implemented widely. They do not provide training or guidance for employees in a formal or systematic fashion, which results in patchy and variable practices and a lack of universal policy. Senior managers may be aware of some compliance issues, but they are insufficiently knowledgeable about the details or of good information practices. Compliance is not given the profile it should have by senior managers, which opens the organisation up to risks.

Group 3: other stakeholders and users

At Level 2, users and external stakeholders are not given sufficient guidance and training to be able to understand the records and data they use, which typically lacks metadata or contextual information, or if metadata is available, users are not skilled in interpreting it accurately. Exchange of information between internal and external users is not properly regulated. Therefore, some users may access records that others cannot, and data may be shared in illegal or unethical ways. Users need training in proper information handling practices that respect legal and regulatory requirements. Legal discovery and access requests by third parties do not receive consistent responses.

Capacity Level 3

(The quality of records makes it possible to measure SDGs effectively and supports government programme activities)

At Capacity Level 3, a more comprehensive framework of policies, standards and practices, systems and technologies, and qualified staff exists, which means information and records can be trusted. The GARP Information Governance Maturity Model describes this level as ‘Essential’.²⁹ Organisations that have achieved the minimum requirements are ‘characterised by defined processes and procedures … the key basic components of a sound program in place’. This makes the organisation ‘at least minimally compliant with legal, operational and other responsibilities’.

Group 1: professionals

At this level, information professional roles are recognised and staff are competent to apply clear, consistent standards and practices. Records, information and other professionals work effectively with data management, ICT and other professional staff to ensure that requirements for identifying, describing, classifying, protecting and retaining data, statistics and records are integrated in the design of processes for collecting data and producing and using statistics. Professional staff are trained to apply clear, consistent standards and practices, at least to paper records and, to a more limited extent, to digital data. Preservation is generally not addressed adequately, so that data or statistical comparisons over long periods are not assured. Information staff put organisation-wide policies and standards in place as a strategic basis for protecting records of decisions.

Generally, staff have not developed detailed retention requirements, nor metadata standards for records. Staff generally lack the necessary knowledge of digital preservation standards, procedures and technologies. ISO 30301:2019 states, ‘This family of standards is intended to be used in support of: a) top management who make decisions regarding the establishment and implementation of management systems within their organization; b) people responsible for the implementation of MSR, such as professionals in the areas of risk management, auditing, management of records, information technology and information security.’³⁰ In order to achieve Capacity Level 3, professionals need to be able to develop and implement coherent records and information systems.

Group 2: managers

Senior managers at Capacity Level 3 know that they are responsible for ensuring that the records generated are authentic, reliable, accessible and understandable and can be retrieved when needed. ISO 30300 provides guidance on the requirements for Management System Standards (MSS), which ‘provide tools for top management to implement a systematic and verifiable approach to organizational control in an environment that encourages good business practices’.³¹ The standards on management systems for records are ‘designed to assist organizations of all types and sizes, or groups of organizations with shared business activities, to implement, operate and improve an effective management system for records … The MSR directs and controls an organization for the purposes of establishing a policy and objectives with regard to records and achieving those objectives’.³² ISO 30301:2019 sets out four activities to achieve this: ‘defined roles and responsibilities; systematic processes; measurement and evaluation; review and improvement’.³³ At Capacity Level 3 or better, senior managers should understand the requirements for effective management systems for records and should provide the policy and resource infrastructure needed to develop and implement them.

Senior managers understand the requirements for information compliance and take responsibility for ensuring that compliance has a sufficiently high profile in the organisation to justify the allocation of resources to formal systems and processes in order to implement compliance policies. They understand data privacy, legal issues and confidentiality, and training for all staff in understanding these issues is available. The management of risk and the need for compliance (and its costs) are assessed by skilled people, so that organisational risks are balanced. Managers and employees across the organisation are trained and knowledgeable about information policies, and they understand personal and organisational responsibilities for records.

Group 3: other stakeholders and users

At this level, record users are aware of ‘the records policy; their contribution to the effectiveness of the MSR, including the benefits of improved records processes and systems performance; the implications of not conforming with the MSR requirements’.³⁴ They have sufficient knowledge of the creation context and sufficient understanding of the quality of the information they require so that they can make fairly informed decisions about the data they access for development questions and how to reprocess them appropriately. Data requests and data sharing across third parties are, in the main, systematic and legally compliant.

Capacity Level 4

(Well-managed records make it possible to measure SDG implementation effectively and consistently through time; data and statistics are of high enough quality and integrity to support government programme activities at the strategic level)

At Capacity Level 4, data and statistics generated to measure SDG indicators are reliable and can be linked and combined with other data sources to support other activities. The GARP Information Governance Maturity Model describes this level as ‘Proactive’, with an ‘information governance program throughout its operations … routinely integrated into business decisions’.³⁵ The organisation is ‘substantially more than minimally compliant with good practice and easily meets it legal and regulatory requirements’. It is able to mine its information for better services and is ‘transforming itself through increased use of its information’.³⁶ ISO 30301:2019 suggests that ‘Top management shall demonstrate leadership and commitment with respect to the M[anagement] S[ystem] for R[ecords] by ensuring that the records policy and records objectives are established and are compatible with the strategic direction of the organization’.³⁷ Well-managed and properly resourced organisations should aspire to achieve Capacity Level 4 across the organisation.

Group 1: professionals

At Level 4, records and information roles are assigned to senior appointments. Recruitment is fair and open to ensure the necessary skills and experience in the post holders; records management is embedded in the strategic operation of the whole organisation. Records professionals have the skills to deliver accountability requirements through consistently applied records management policies and standards. Preservation standards ensure that records are stored properly and migrated to take account of changes in technology. Staff are trained to deliver a preservation and management programme that ensures continued accessibility and authenticity of records in all formats through time. Professional staff have the skills needed to implement information access regimes that are compliant with legal, regulatory and ethical practices. They are also trained trainers, so that they can develop information skills training for all organisational staff.

Group 2: managers

The role of senior management in a compliant organisation is to ‘set an organization’s direction and communicate priorities to employees and stakeholders.’ Senior managers need the skills to lead the organisation with respect to information and data, creating an environment in which managers can ‘establish a records policy that: a) is appropriate to the purpose of the organization; b) provides a framework for setting records objectives’. In addition, ‘The records policy shall include the high-level strategies with regard to the creation, capture and management of authentic, reliable and useable records capable of supporting the organization’s functions and activities’.³⁸ Resources and staff competencies are available to maintain, review and develop the information infrastructure. At this level, project or programme managers should have the skills to analyse information trends through time and make comparisons from year to year using reliable records, because changes to formats, coding schemes and data collection and analysis methods are well-documented. Managers understand the audit and compliance requirements and are able to implement and oversee them.

Group 3: other stakeholders and users

External users of data can be assured that what they are using is quality information and that the compliance and access processes are robust and reliable, so that data requests are fulfilled in a timely, complete and transparent way. Managers ensure that information professionals can develop and deliver staff training programmes that formally train all information users to have the correct skills of data analysis, information literacy and understanding of the context of the data they use. All staff receive training related to their information and records handling needs, which could cover classification and metadata tagging of information, retention and disposal rules, access and privacy regimes and destruction processes across all formats and media.

Capacity Level 5

(Processes generating records, and the framework for managing them, are designed to make it possible to exploit data, statistics and records, including the information used for measuring SDGs, in new and innovative ways)

At Capacity Level 5, organisations responsible for managing data and statistics enable innovative thinking about implementing and going beyond SDGs. These organisations are international leaders in good practice; they enable government and international policies to be developed and new thinking to emerge. Standards makers, and setters of high benchmarks, are hallmarks of these organisations. They influence practice on SDGs data worldwide. The GARP Information Governance Maturity Model describes this level as ‘Transformational’, where the organisation has integrated information governance into its infrastructure and processes, making compliance ‘routine’.³⁹ It both recognises the value of information as a critical asset and implements ‘strategies and tools to achieve these gains’. As a result, the risk of inappropriate information disclosure and data loss is low. However, Level 5 represents the best possible world of information management for SDGs and may be costly to implement holistically. Organisations need to evaluate the return on investment and come to a judgement about the correct balance between risk and cost.

Group 1: professionals

At this level records professionals have the knowledge and expertise needed to design comprehensive management frameworks, covering multiple organisations and technology environments that encourage information in the records to be exploited to the greatest possible extent. IT professionals work to support innovative and advanced technologies, ensuring that information is published in new forms to meet the needs of a wide range of individuals and groups and to give citizens access, regardless of location. Open access data should meet high interoperability standards, for instance the Five Star Open Data Scheme.⁴⁰

At Level 5, information professionals are world-leading in their skills and knowledge, which goes well beyond the boundaries of the organisation, taking a wide and well-informed view. They are able to develop information systems that can be adopted within and outside their own organisation and that provide benchmarks for good practice. For example, records preservation in all formats, including digital, is highly developed and fully implemented; staff are engaged in continual improvement across the whole organisation and across all functions and processes.

McDonald suggests that a leader in this field should have ‘background in data management, statistics, information technology or records management, the capacity to bridge these disciplines and the ability to communicate with a variety of stakeholders, including senior management’.⁴¹ He or she should be supported by a steering committee, ‘made up of representatives from government programmes supporting the SDGs as well as programmes where the quality and integrity of data, statistics and records is particularly important. Specialists in managing data, statistics, records and information technology, as well as legal experts and auditors should also be included’.⁴²

Group 2: managers

Senior managers of SDG initiatives at Level 5 must understand the benefits of sharing and exploiting data, statistics and records for stimulating innovative thinking on implementing the SDGs, as well as for achieving the operational goals of individual programme activities and the strategic goals of the organisation. The organisation’s governing council should include the chief information officer in order to ensure high-level support for information goals. Teams of managers should be assembled to review the nature and quality of the information needed to meet SDG targets; these teams should include specialists in managing records, data and statistics, and information technology, legal experts and auditors.

Group 3: other stakeholders and users

At this level, information users have full and free access to the data they need, which is fully interoperable across systems, reliably reproducible, and can be easily reprocessed. Comprehensive training is available, which enables data users to develop their skills and understanding of the records and data needed to measure SDGs.

Determining and achieving the desired capacity level

Organisations should make risk assessed and strategic decisions about the desirable capacity level for the organisation – both for the organisation as a whole and in part. This is based on what is realistic and affordable and what provides the required return on investment in terms of reducing information risks. Benchmarking, good practice, the organisation’s mandate, stakeholder expectations and trust are all issues that affect the decision about desirable capacity level. Capacity Level 1 is not desirable for international development and the measurement of SDGs as it does not meet even the lowest threshold of quality. As McDonald suggests, Level 2 should be the minimum level that is acceptable in an organisation with development goals in its mandate.⁴³ However, Level 5 may not be appropriate either, at least not organisation-wide, as the costs of compliance and policy engagement, whilst desirable, may not be affordable. Organisations should assess and measure the risks they are willing to take, with the resources at their disposal, to achieve an acceptable quality of information with the people needed to operate, manage and use the records needed to measure the SDGs.

Once an organisation commits itself to building systems for an identified capacity level, it will need appropriately skilled, experienced and trained people to move from its current state to the desired state. Normally, that will be done a step at a time. The organisation may also have short-term goals for developing certain aspects of the information systems and longer-term goals to implement a more comprehensive system to deliver quality information. ISO 30301:2019 identifies three key steps: ‘determine the necessary competence of person(s) doing work under its control that affects the performance of its records processes and systems; ensure that these persons are competent on the basis of appropriate education, training, and experience; [and] where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of the actions taken’.⁴⁴ It also states that evidence of competence should be documented and retained.

The standard identifies actions that an organisation can take, such as ‘the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons’.⁴⁵ Similarly, McDonald recommends a wide range of strategies to develop the necessary skills and competencies.⁴⁶ These include:

In order to develop the required competencies to meet these information system goals, organisations should focus on five key approaches. First, they should seek to employ staff with formal qualifications, taught and accredited by universities and professional bodies. Second, they should develop a training programme for existing staff to develop their skills. Such training might be provided, for instance, by internal expert professionals, freelance trainers and consultants, relevant professional bodies that provide training courses and universities. Third, consultants and contracted staff with appropriate knowledge and expertise can be employed as change makers to boost the knowledge needed to make significant improvements. Fourth, organisations should consult national, regional and international standards that provide information and guidance about the skills needed and ensure that recruitment and development of people is in line with good practice. Finally, organisations should refer to relevant competency frameworks to benchmark the skills and knowledge needed by staff.

Employ staff with formal qualifications

In order to ensure that professional staff (Group 1) meet the needs of the desired capacity level, organisations commonly recruit staff with professional qualifications in relevant disciplines. Such qualifications are accredited and taught by universities and educational colleges or by the professional bodies in the field. Professional bodies sometimes accredit qualifications offered by universities rather than delivering qualifications directly, for example, an undergraduate or postgraduate level degree in records and information management, information security, or information science. This includes, for instance, programmes offered at Northumbria University in information governance and at University College London in archives and records management (both UK); at the School of Information Sciences at Moi University in Kenya; at the University of Botswana in information and knowledge management; at Universiti Teknologi Malaysia Faculty of Technology and Informatics in records and archives management; and at Monash University (Australia) in data science, information technology or social informatics. There are many others, too many to list here, around the world that teach in different languages and with different specialisations in the broad field of records and information.

Train existing staff

Many organisations already employ staff in information roles, but in many cases, the staff lack some of the skills and knowledge needed to develop their roles further. A programme of targeted training and continuing professional development for information staff can be developed. This might include, for instance, short courses offered by external providers, including professional associations, such as ARMA International⁴⁷, the International Council on Archives⁴⁸ or the learning materials by the International Records Management Trust⁴⁹. It could involve secondments to more advanced organisations or different functional areas, or training offered by national or regional institutions, such as the national archives and records service. Professional staff with leading-edge skills can also offer training for managers and information users covering their responsibilities for quality information and resources; the ICA’s ‘Training the Trainer’ pack can support this.⁵⁰ Such training would respond directly to SDG 4 – ‘Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all’.⁵¹

Contract expert staff short term as change makers

Expert contract staff and consultants are helpful to organisations who lack specific skills and who need an expert opinion and some specific guidance in order to improve systems for information. Employing a consultant enables an organisation to boost expert capacity for a short period and to deal with an identified and targeted issue. Consultants can also provide training for staff at all levels in the organisation according to need. Professional bodies may be able to provide contacts with suitably skilled consultants.

Use standards to guide practice and inform staff recruitment

International standards can provide a good practice threshold or benchmark that organisations can use to evaluate their practices and systems. Standards can also be used to identify gaps and omissions and inform staff recruitment or training needs. Relevant standards have been cited in this chapter, including ISO 15489:2016 Information and documentation – Records Management; ISO 30301:2019 Information and documentation – Management Systems for Records; and the ISO 8000 series on Data Quality. Practice standards are also published nationally or regionally or for specific functional areas, such as national health services; in the UK, for example, the Data Security and Protection Toolkit has been developed by NHS Digital.⁵² Recruitment and person specifications are useful here. ARMA International, for instance, has linked publications providing a set of core competencies for records and information management⁵³ and a set of job descriptions based on those competencies.⁵⁴ Beyond that, job adverts and specialist recruitment agencies provide useful support.

Benchmark staff skills and knowledge against competency standards

Professional associations have developed competency standards to identify ‘the skills, knowledge and behaviour required to work within a profession. These are acquired both through initial education and training and participation in a program of continuing professional development’.⁵⁵ The ICA’s 2014 report identified a range of competency standards, for instance in Australia, where the Australian Library and Information Association has provided standards on core knowledge, skills and attitudes, and work level guidelines (in 2005), while the Australian Society of Archivists and the Records Management Association has developed an Australasia Statement of Knowledge for Recordkeeping Professionals (also in 2005).

In Canada, the Information Management Forum produced the Information and Records Management – Competency Profile (2000), and in the United States, ARMA International produced a standard on Core Competencies (2007, with a second edition published in 2017). In the UK, the Information and Records Management Society offers a statement of individual competency through its accreditation programme,⁵⁶ while the Archives and Records Association has developed a detailed competency statement for records staff at a range of levels of experience, from Level 1 Novice, Level 2 Beginner, Level 3 Competent, Level 4 Proficient, to Level 5 Expert/Authoritative, grouped under three areas of work: organisational, process and stakeholder/customer.⁵⁷

Conclusion

Human capacity and competence are essential for delivering quality information for effective decision-making and organisational efficiency and, in the specific context of this book, to support international development and the measurement of the UN SDGs. In this chapter, we have identified three main groups of people with roles and responsibilities for delivering quality information by managing an organisation’s records. These are: information professionals (including records, legal and information technology professionals), managers (including leaders, senior managers, project and programme managers) and users (including all organisational staff, external stakeholders and contractors). Their competence directly affects an organisation’s capacity for managing its information, records and data.

We use the five capacity levels for delivering quality data, statistics and records identified by John McDonald to determine the competence (knowledge, skills, expertise) required of each of these three groups of people at each level. In doing so it is clear that Level 1 is not desirable within the specific context of the SDGs or more generally. Moving to higher levels can contribute directly to improving the way the organisation carries out its regular operational functions and its ability to achieve the SDGs. Achieving Level 5, a position of transformation, enables the organisation to use its information resources in new and innovative ways to support its operations, achieve its strategic goals and, most important, the ability to alter and even fundamentally change its business. However, this may be unrealistic for many organisations. The approach set out here will enable an organisation to assess its current capacity level, agree the desirable capacity level based on a risk assessment, and identify strengths and gaps in its human capacity for managing its information, data and records. We offer a range of strategies for building capacity to address the gaps, from employing staff with formal qualifications, to benchmarking staff skills and knowledge against competency frameworks. While we have specifically focused on records, our approach is equally applicable to building capacity for managing data and statistics.