Information Management

From SEBoK
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Lead Authors: Andy Pickard, Garry Roedler, Contributing Authors: Ray Madachy

The information management (IM) process is a set of activities associated with the collection and management of information from one or more sources and the distribution of that information to one or more audiences. Information, in its most restricted technical sense, is an ordered sequence of symbols that record or transmit a message. The key idea is that information is a collection of facts that is organized in such a way that they have additional value beyond the value of the facts themselves. The systems engineer is both the generator and recipient of information products; thus, the systems engineer has a vital stake in the success of the development and use of the IM process and IM systems.


Information can exist in many forms in an organization; some information is related to a specific system development program and some is held at an enterprise level and made available to programs as required. It may be held in electronic format or in physical form (for instance, paper drawings or documents, microfiche or other photographic records).

The IM process includes a set of interrelated activities associated with information systems, systems of systemssystems of systems (SoS), architecturesarchitectures, servicesservices, nested hardware/platforms, and people. Fundamentally, this process is a set of activities that are concerned with improvements in a variety of human problem-solving endeavors. This includes the design, development, and use of technologically based systems and processes that enhance the efficiency and effectiveness of information and associated knowledge in a variety of strategic/business, tactical, and operational situations.

Management refers to the organization of and control over process activities associated with the structure, processing, and delivery of information. For example, the organizational structure must have management processes capable of managing this information throughout the information life cyclelife cycle regardless of source or format (e.g., data, paper documents, electronic documents, audio, video, etc.) for delivery through multiple channels that may include cell phones and web interfaces.

A computer-based IM system is an organized combination of people, hardware, software, communication networks, and the data resources that collect, transform, and disseminate information in an organization. From the perspective of the systems engineer, the IM process is a cycle of inter-related information activities to be planned for, designed, and coordinated. Numerous life cycle development process models exist. Figure 1 below is a high-level process model that emphasizes the role of systems engineeringsystems engineering (SE) in IM.

Figure 1. Life Cycle Information Management Process Development Model. (SEBoK Original)

The SE function in the development of an IM system is concerned with several rate-limiting architecture and design variables, (e.g., information sharing, quality, security, efficiency, compliance, etc.) that should be considered up-front in the life cycle development process. Each of these variables can be subdivided into architecture and design considerations for the information system-of-interestsystem-of-interest (SoI). For example, quality can be viewed in terms of data validity, consistency, and comprehensiveness. Figure 2 provides an overview of information management considerations.

Figure 2. Information Management Architecture and Design Considerations. (SEBoK Original)

The effective and efficient employment of IM systems should solve business needs. These needs can center on several business objectives, such as efficiency, effectiveness, competitiveness, or profitability. From a business enterprise perspective, the systems engineer may be involved in several activities that support the development of IM systems, such as strategic planning, analyses of technology/business trends, development of applications, understanding operational disciplines, resource control techniques, and assessment of organization structures.

The IM process ensures that necessary information is created, stored, retained, protected, managed, and made easily available to those with a need and who are permitted access. It also ensures that information is disposed of when it is no longer relevant.

The Information Management Process

To quote from ISO/IEC/IEEE 15288 (2015):

The purpose of the Information Management Process is to generate, obtain, confirm, transform, retain, retrieve, disseminate and dispose of information, to designated stakeholders…

Information management plans, executes, and controls the provision of information to designated stakeholders that is unambiguous, complete, verifiable, consistent, modifiable, traceable, and presentable.

The first step in the IM process is to plan IM. The output of this step is the IM strategy or plan. The second step is to perform IM. The outputs of this step are the creation, population and maintenance of one or more information repositories, together with the creation and dissemination of information management reports.

Plan Information Management

Issues that should be considered when creating the IM strategy/plan include:

  • Scope
    • What information has to be managed?
    • How long will the information need to be retained?
    • Is a system data dictionary is required to be able to "tag" information for ease of search and retrieval?
    • Will the media that will be used for the management of the information be physical, electronic, or both?
    • Have a work in progress (WIP) and formally released information already been considered when establishing data repositories?
  • Constraints
    • What level of configuration control must be applied to the information?
    • Are there any regulatory requirements relating to the management of information for this project, including export control requirements?
    • Are there any customer requirements or agreements relating to the management of project information?
    • Are there any industry standards relating to the management of project information?
    • Are there any organization/enterprise directives, procedures, or standards relating to the management of project information?
    • Are there any project directives, procedures, or standards relating to the management of project information?
  • Control/Security
    • Who is allowed access to the information? This could include people working on the project, other members of the organization/enterprise, customers, partners, suppliers and regulatory authorities.
    • Are there requirements to protect the information from unauthorized access? This could include intellectual property (IP) rights that have to be respected - for instance, if information from suppliers is to be stored and there is the possibility of a supplier gaining access to information belonging to a competitor who is also a supplier for the project.
    • What data repository or repositories are to be used?
      • Has the volume of information to be stored been considered when selecting repositories?
      • Has speed of access and search been considered when selecting repositories?
    • If electronic information is to be stored, what file formats are allowed?
    • Have requirements been defined to ensure that the information being stored is valid?
    • Have requirements been defined to ensure that information is disposed of correctly when it is no longer required to be stored, or when it is no longer valid? For instance, has a review period been defined for each piece of information?
  • Life Cycle
    • If electronic information is to be stored for a long time, how will it be "future-proofed?" For instance, are neutral file formats available, or will copies of the software that created or used the information be retained?
    • Have disaster recovery requirements been considered – e.g., if a server holding electronic information is destroyed, are there back-up copies of the information? Are the back-up copies regularly accessed to show that information recovery is flawless?
    • Is there a formal requirement to archive designated information for compliance with legal (including regulatory), audit, and information retention requirements? If so, has an archive and archiving method been defined?
    • Some information may not be required to be stored (e.g., the results files for analyses when the information occupies a large volume and can be regenerated by the analysis tool and the input file). However, if the cost to re-generate the information is high, consider doing a cost/benefit analysis for storage versus regeneration.

Perform Information Management

Issues that should be considered when performing information management include:

  • Is the information valid (is it traceable to the information management strategy/plan and the list of information to be managed)?
  • Has the workflow for review and approval of information been defined to transfer information from "work in progress" to "released?"
  • Are the correct configuration management requirements being applied to the information? Has the information been baselined?
  • Have the correct "tags" been applied to the information to allow for easy search and retrieval?
  • Have the correct access rules been applied to the information? Can users access the information that they are permitted to access, and only this information?
  • If required, has the information been translated into a neutral file format prior to storage?
  • Has a review date been set for assessing the continued validity of the information?
  • Has the workflow for review and removal of unwanted, invalid, or unverifiable information (as defined in organization/enterprise policy, project policy, security or intellectual property requirements) been defined?
  • Has the information been backed up and has the backup recovery system been tested?
  • Has designated information been archived in compliance with legal (including regulatory), audit, and information retention requirements?
  • Does the IM system satisfy defined performance requirements - for instance, speed of access, availability, and searchability?

Linkages to Other Systems Engineering Management Topics

The systems engineering IM process is closely coupled with the system definition, planning, and CM processes. The requirements for IM are elicited from stakeholders as part of the system definition process. What/when information is to be stored in the systems engineering lifecycle is defined in the planning process and configuration control requirements are defined in the CM process.

Practical Considerations

Key pitfalls and good practices related to IM are described in the next two sections.


Some of the key pitfalls encountered in planning and performing IM are provided in Table 1:

Table 1. Information Management Pitfalls. (SEBoK Original)
Pitfall Name Pitfall Description
No Data Dictionary
  • Not defining a data dictionary for the project may result in inconsistencies in naming conventions for information and proliferation of meta-data "tags", which reduces the accuracy and completeness of searches for information and adding search time performance.
No Metadata
  • Not "tagging" information with metadata or tagging inconsistently may result in searches being based on metadata tags, which are ineffective and can overlook key information.
No Back-Up Verification
  • Not checking that information can be retrieved effectively from a back-up repository when access to the back-up is needed may result in one discovering that the back-up information is corrupted or not accessible.
Access Obsolescence
  • This refers to saving information in an electronic format which eventually ceases to be accessible and not retaining a working copy of the obsolete software to be able to access the information.
Inadequate Long-Term Retention
  • This refers to the error of archiving information on an electronic medium that does not have the required durability to be readable through the required retention life of the information and not regularly accessing and re-archiving the information.
Inadequate Validity Maintenance
  • Not checking the continued validity of information results in outdated or incorrect information being retained and used.

Good Practices

Some good practices gathered from the references are provided in Table 2:

Table 2. Information Management Good Practices. (SEBoK Original)
Good Practice Name Good Practice Description
  • The DAMA Guide to the Data Management Body of Knowledge provides an excellent, detailed overview of IM at both the project and enterprise level.
Information as an Asset
  • Recognize that information is a strategic asset for the organization and needs to be managed and protected.
Information Storage Capacity
  • Plan for the organization's information repository storage capacity to need to double every 12 to 18 months.
Effective Information Access
  • Information that sits in a repository adds no value. It only adds value when it is used, so the right people need to be able to access the right information easily and quickly.
Data Modeling
  • Invest time and effort in designing data models that are consistent with the underlying structure and information needs of the organization.
Quality Management
  • The cost impact of using poor quality information can be enormous. Be rigorous about managing the quality of information.
Information Repository Design
  • The impact of managing information poorly can also be enormous (e.g., violating intellectual property or export control rules).
  • Make sure that these requirements are captured and implemented in the information repository, and that all users of the repository are aware of the rules that they need to follow and the penalties for infringement.


Works Cited

ISO/IEC/IEEE. 2008. Systems and Software Engineering - System Life Cycle Processes. Geneva, Switzerland: International Organisation for Standardisation/International Electrotechnical Commissions. ISO/IEC/IEEE 15288:2008.

Mosley, M. (ed.). 2009. The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide). Bradley Beach, NJ, USA: Technics Publications.

Primary References

INCOSE. 2012. Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, version 3.2.1. San Diego, CA, USA: International Council on Systems Engineering (INCOSE), INCOSE-TP-2003-002-03.2.2.

ISO/IEC/IEEE. 2015. Systems and Software Engineering -- System Life Cycle Processes. Geneva, Switzerland: International Organisation for Standardisation / International Electrotechnical Commissions. ISO/IEC/IEEE 15288:2015.

Mosley, M. (ed.). 2009. The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide). Bradley Beach, NJ, USA: Technics Publications.

Redman, T. 2008. Data Driven: Profiting from Your Most Important Business Asset. Cambridge, MA, USA: Harvard Business Press.

Additional References


< Previous Article | Parent Article | Next Article >
SEBoK v. 2.6, released 20 May 2022