Guidance for decommissioning systems
This guide helps public offices identify legacy systems and manage data issues through migration and decommissioning.
Many NSW public offices have accumulated large amounts of data in legacy systems. Many of these systems were not designed with a long term view of the value of the data they generate and contain. This data is often key business records and information. Many systems also contain data that is trivial, duplicated or no longer required.
The Standard on records management provides a framework for managing NSW public offices’ records and information. When running a decommissioning project, public offices can follow the requirements by:
- assessing, and implementing where required:
- records and information management requirements in system acquisition,
- system maintenance and decommissioning
- ensure retention and disposal requirements for records and information when decommissioning a system
This guide offers advice and procedures to help public offices identify legacy systems. It covers how to address challenges with data in these systems through migration and decommissioning. These steps should be part of routine information management and technology programs.
What is decommissioning?
Decommissioning is the process of removing a business application or system from use.
This requires analysis of the data in the system. Identify the data, metadata and system documentation that the organisation needs to keep. An accountable process for deletion of residual data in the system should be in place.
There are a range of business drivers for decommissioning. Decommissioning systems should happen when:
- a new system with the same functionality replaces it
- the system is obsolete and no longer supports the business process
- project completion or termination
- structural reorganisation
- transfer of functions due to regulatory and organisational changes
- disposal of physical assets
Legacy systems are often repositories of records and information with significant business value. These systems can pose risks and costs as they rely on expertise and technology for ongoing maintenance. All business systems will become legacy systems. This is due to rapidly changing technology and business environments. Decommissioning planning should form a part of system design and implementation.
Identifying opportunities for decommissioning
Opportunities to decommission systems, and the reasons for doing so, can vary. Often based on organisational, informational and technical factors. To identify costing and resourcing risks, organisations should assess their entire digital environment.
Factors to consider include:
- technology obsolescence risks
- security risks
- licensing costs
- system documentation deficits
- critical staffing risks
This information will help to provide the rationale for the decommissioning process.
When to decommission
The following are common scenarios in which decommissioning projects will occur.
Project-based decommissioning
The best practice for decommissioning is that it is part of a planned transition and development of new systems. This allows for the required analysis and business engagement to occur.
Decommissioning planning should occur along side new system development and implementation. This process can be complex, but it will allow for the consolidation and rationalisation of legacy systems.
Application rationalisation projects
Organisations can run detailed surveys on their business units. These surveys identify outdated applications that new systems have replaced.
Reviewing all applications across an organisation can help identify issues and opportunities. Considering these issues together makes the need for action clearer.
Infrastructure rationalisation projects
Many organisations have undertaken a comprehensive infrastructure usage analysis. This process can also help identify the cost of over-retention of legacy data in business applications. Certain types of systems may need infrastructure which is expensive and hard to maintain.
Understanding application infrastructure costs can help identify cost savings. For example, over-allocation of storage for low priority data, or excessive retention of backups.
This has given some organisations concrete cost saving estimates to justify improvements.
Decommissioning checklist
When planning decommissioning, these are some things you need to consider. This checklist will help you to ask questions to ensure that you're meeting record keeping obligations and that processes aren't impacted.
Protecting records and information is essential when you are moving to a new system. Migrations can give you a chance to get rid of what is no longer needed. Follow these guidelines to avoid unauthorised or unlawful disposals or alterations.
1. Have system records/information been mapped to an authorised retention and disposal authority?
Check out our list of approved organisation specific retention and disposal authorities. If there isn't one listed for your needs, please see the procedures for developing a retention and disposal authority.
Please contact govrec@staterecords.nsw.gov.au for more information.
2.Does the system contain records/information needed long term or as State archives?
Consider starting a digital archives transfer project.
3.Have you identified the metadata and system documentation that supports the records integrity?
State Records NSW have minimum requirements for metadata for authoritative records and information. Migration of metadata is also covered in the guidance on the management of source records which have been migrated.
There may be more than legislative obligations to consider for why you would keep data. Keeping data could be through migration to a new system, or another mangement system.
1.Have all dependencies on the use of this data been considered and resolved?
Example: Does this data impact approvals or verify actions in other systems? Is this information linked to any other files or case studies that help to ensure they are complete?
2. Are the records/information in this system duplicated across many systems or repositories?
Example: Information may be duplicated across systems as backups. This can bring a chance to merge this information. Backup systems are not a long-term information management strategy.
3.Does the system act as a source of authority for a high value dataset?
Example: Does another business unit rely on this data despite it no longer being valueable to your public office?
4. Does the system contain valuable information about businesses and individual clients’ interactions with governments?
Example: Do clients or the community have a reasonable expectation this data will be kept?
5. Does the system contain records/information which otherwise have a high public or commercial value?
Example: Could this information need to be kept or made available for the public? See NSW Open Data Policy for more information.
Migrations of data should be go through a well recorded process. This should include documented strategies designed to support the business. This also allows for accountability and trustworthy, accessible records.
Source records that has been migrated may be eligible for disposal. Find outabout the conditions for authorised disposal of source records.
Further information about digital records is available in our advice on migrating records.
It can be common for old systems to remain operational after data is migrated. This could be risky for the following reasons:
- Does the system contain data which poses significant privacy risks?
- Does the system contain data which poses significant commercial risks?
- Does the system contain data which poses other significant organisational risks?
Example: A government organisation continued to maintain a website that contains client information. If not maintained, these sites could be vulnerable to hackers. The organisation would need to tell the client their infromation has been breached.
Need more information?
Find out more about legislation and requirements.