Compliance
October 8, 2025

Turning Check-up Into Capability: How Agencies Can Lift Maturity – And Prove It As Well

The Australian Government’s Information Management Check-up Program is often treated as an annual hurdle. But the most successful agencies use it as a blueprint for trusted records, resilient services, and AI-ready data.

Interview multiple candidates

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio faucibus accumsan turpis nulla tellus purus ut   cursus lorem  in pellentesque risus turpis eget quam eu nunc sed diam.

Search for the right experience

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio.

  1. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  2. Porttitor nibh est vulputate vitae sem vitae.
  3. Netus vestibulum dignissim scelerisque vitae.
  4. Amet tellus nisl risus lorem vulputate velit eget.

Ask for past work examples & results

Lorem ipsum dolor sit amet, consectetur adipiscing elit consectetur in proin mattis enim posuere maecenas non magna mauris, feugiat montes, porttitor eget nulla id id.

  • Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  • Netus vestibulum dignissim scelerisque vitae.
  • Porttitor nibh est vulputate vitae sem vitae.
  • Amet tellus nisl risus lorem vulputate velit eget.
Vet candidates & ask for past references before hiring

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

“Lorem ipsum dolor sit amet, consectetur adipiscing elit nunc gravida purus urna, ipsum eu morbi in enim”
Once you hire them, give them access for all tools & resources for success

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

While the Check-up has driven some gains, the 2024 results show government agencies still have a long way to go. Routine capture and storage are happening, but automation, metadata, and disposal remain weak points. Too often, the program is treated as a compliance tick-box rather than a capability framework. The result is a public record that is still fragmented, inconsistently governed, and at risk of loss, despite growing pressure for transparency and accountability.

In this article, we look at what 'high maturity' really means across the Check-up’s core areas – creating; describing; storing, preserving and managing; appraising and disposing; and using and reusing records – and how to operationalise those requirements in an automated way, without disrupting your users or replacing existing systems.

Why Check-up matters (beyond compliance)

The National Archives of Australia (NAA) runs the Check-up survey to gauge agencies’ maturity and performance in managing information assets. Results inform whole-of-government reporting and, since 2023, published agency-level indexes that drive transparency and improvement. The survey is aligned to the NAA Information Management Standard (based on AS ISO 15489.1) and the Building trust in the public record policy, which superseded Digital Continuity 2020.

Maturity correlates with better outcomes: faster responses to FOI and legal matters, more reliable decision evidence, lower risk from 'dark data', and smoother technology change because controls follow the information, not just the system.

Demonstrating your Check-up maturity

Let’s break down some of the key components of Check-up maturity, how agencies benchmarked in 2024, and how you can achieve top scores in 2025 (without needing to change user behaviour, move records around, or make expensive system upgrades).  

Creating information assets

In 2024, most agencies (91%) reported that they usually or always created and captured information assets routinely. But only 75% said that capture was automated in some way, and fewer agencies reported in 2024 that their information assets were complete, accurate and have sufficient detail to be understood in the future than in 2023.  

Castlepoint automates capture of records, even from ‘unmanaged’ systems that do not have compliance built in.

Castlepoint (blue line) versus the 2024 Check-up benchmark results (orange line).

Describing information assets

Most agencies were only reporting a maturity of 3/5 in 2024, meaning they only ‘sometimes’ adequately described information assets. Key gaps were in creating and maintaining useful, standardized metadata, and making sure it was consistently captured.  

Castlepoint standardizes metadata across all formats, and all systems, capturing not just compliant minimum mandatory recordkeeping metadata, but also extensive metadata on events, context, classification, and content. This is an automated process that does not require users to apply labels or tags on source items.

Storing, preserving, and managing information assets

Last year, maturity across agencies was 4/5 for storing records securely and sustainably. Areas for improvement were concentrated on new business systems, which do not have inbuilt records management capabilities. Maturity across non-EDRMS systems was only 3/5, and as most records in agencies are stored in systems like this, the overall maturity on this front is likely worse than it first appears. Only 54% of agencies reported using an EDRMS in the cloud, while 93% used services like M365.

Castlepoint makes M365, Confluence, AWS S3, Box, Google, OpenText, and any other business system fully compliant, without needing to change its configuration. With no agents to install, compliance across line of business systems can be achieved in just a few minutes of setting up permissions and access for Castlepoint to read the data.

Appraising and disposing (destruction and transfer)

Maturity in records sentencing and disposal is low across Australian Federal Government. This has been reinforced by ANAO audits, and poses a serious risk. We risk losing a generation’s worth of archives if we do not sentence records properly. 30% of agencies are never or only occasionally sentencing records, and more than half are not transferring any to the National Archives. Some agencies do not even have sentencing configured in their formal EDRMS, let alone business systems.  

Castlepoint sentences all records in the network based on their content and context, without requiring users or records teams to apply metadata, follow file plans, manage rules engines, or train and supervise Machine Learning. The sentence is dynamically updated when the record content or context changes. And Castlepoint includes inbuilt capability to destroy or transfer records compliantly when their end of life is reached.  

Use, reuse, and interoperability

Maturity in this domain is also low across government, based on the 2024 Check-up results. This section of the survey evaluates how easy it is to get the right information to the right people at the right time – and agencies are struggling. The most significant gaps were in declassifying restricted records once sensitivity expired; applying standardized metadata; and having an agency-wide metadata registry (2/5 overall).  

Castlepoint captures not only the available metadata and properties of information objects and records, but also the full set of topics, people, dates, and events related to the record. This is captured in the secure Castlepoint database, so that limited metadata fields in source systems can be used for productivity, rather than compliance. Castlepoint also classifies records with an accurate security marking, and flags when a classified record no longer needs restriction and can be downgraded. This ensures that information is rapidly discoverable, interoperable, and accessible as needed.

In summary

Castlepoint significantly improves Check-up compliance for Australian Government. As soon as it is deployed, it makes the in-scope systems fully compliant with the functional requirements of ISO 15489 and ISO 16175, without any business or systems disruption. With Castlepoint, our customers can breeze through their annual Check-up reporting, demonstrating the highest level of maturity.  

Castlepoint makes any system compliant, in a manage-in-place model, using autoclassification. Agencies reporting the highest levels of Check-up maturity have already adopted Castlepoint, or are planning to:

Users do not want to use traditional EDRMS, which is why maturity across line of business systems continues to stay low in Australian Government. They prefer to use M365, or even shared drives, and the effort in training and governance we have invested in changing user behaviour over the last decade have only moved the needle so far.

As well as user impact, we have to consider technical impact. Organisations cannot justify retrofitting existing business systems for compliance, building specialist integrations, or missing out on key productivity features because new systems can’t tick the records box:

The 2025 Check-up is open until 1 December. If your agency is looking to move beyond compliance and demonstrate true capability, our team can help. Castlepoint’s explainable AI platform is already supporting agencies across government to automate capture, enforce metadata standards, and prove maturity.

Reach out to our team today to discuss how you can lift your Check-up results and strengthen trust in your information.