Industry

Digital asset management for government & public sector

“Government” runs from a federal department to a town council. What they share isn’t a budget — it’s that the photographs are public records, the people in them often signed nothing, and somebody can oblige you to produce all of it.

The 30-second version. Public-sector asset management is governed by procurement, records and public accountability — not brand polish. Four questions settle the shortlist before a single feature does: where the data is allowed to live (a vendor’s cloud may need an authorisation your buyer accepts, or you self-host inside a boundary you already control); whether you can produce an asset when a public-records request lands, and retire it when its retention schedule says so; whether published material carries the alt text and captions accessibility obligations require; and whether the people in the frame ever agreed to be there. And “government” spans a federal agency and a parish council — they do not buy the same thing, and anyone who tells you otherwise is selling.

This page is the public-sector asset problem. The tools themselves — and the one compliance signal we could actually verify — are in our government DAM ranking, where we looked each vendor up on the FedRAMP Marketplace instead of repeating their compliance page. If your real constraint turns out to be “the data never leaves our boundary” rather than “the vendor holds an authorisation”, our on-premise DAM ranking is the closer fit.

The asset problem in government & public sector

Most industries’ asset problem is a selling problem. A public body’s isn’t. Its photographs and video are made with public money, published under public obligations, and — in most jurisdictions — are themselves public records. That moves the governing question from “does this make us look good” to “can we account for it.” It is worth saying plainly that “government” is not one buyer: a federal agency with a security office and an accredited boundary, a state department, a city, a school district, a university communications team, and a town council with one part-time comms officer all live under this heading. They share the accountability. They share neither the budget nor the procurement rules, so the right answer genuinely differs — and a page that gave you one answer would be lying to most of you.

First: where the data may live. For a US federal buyer, a vendor’s cloud may need a FedRAMP authorisation — and, as we found when we checked the marketplace listings for our ranking, “FedRAMP-ready” on a vendor’s website and an actual listing are different claims that frequently disagree. But FedRAMP governs federal use of cloud services. A state agency, a city, a school district or a university often buys under a different framework entirely, and shouldn’t let a vendor’s authorisation decide its shortlist. And there is a third path: self-hosting inside a boundary your own agency has already accredited removes the vendor-authorisation question altogether, because there is no vendor cloud for it to apply to. Which of the three you are in eliminates most of the market before you compare a feature. FedRAMP, SOC 2 Type II and ISO 27001 are all reasonable things to demand evidence for — but we don’t audit any of them ourselves, and neither should you take a vendor’s word: ask for the report, check the listing yourself, and let your security office make the binding call.

Second: records, retention and public-records requests. This is the one that separates a public library from a corporate one. When a public-records request arrives — or an audit, or a legal hold — you must be able to identify what is responsive and produce it, on a clock you do not control. That is impossible if the organising principle is a folder somebody named in 2019 and then left the job. It needs consistent metadata and an audit trail: a record of who did what to which asset and when. The far end matters just as much. Retention and disposition schedules say how long a record is kept and when it should go, which means the asset lifecycle is not housekeeping you get to postpone — it is an obligation with a date attached, and “we kept everything forever because deleting felt risky” is its own kind of failure.

Third: accessibility. Published material carries accessibility obligations, and for imagery those obligations land almost entirely on metadata — alt text and captions. The trap is where that text lives. If it is typed into the CMS at publication, it exists only there: the next team to publish the same photograph starts from an empty field, and the obligation is re-incurred every single time the asset is reused. Written into the asset’s own standard fields, it travels with the file. That is a question about what a tool writes and what it drops, which is exactly what we put tools through in our metadata fidelity testing.

Fourth: consent and identifiable people. Public bodies photograph the public. Schoolchildren at a prize-giving, patients in a clinic, service users at a shelter, residents at a planning meeting. A commercial brand shoots models who signed a release; an agency very often has no release at all, and the person in the frame did not choose to enter a searchable library. This is where a capability that is a straightforward selling point elsewhere deserves a harder look: face recognition across an archive of citizens is a categorically different proposition from grouping your own staff headshots, and “the tool can” is not “we should.”

Fifth: budget cycles, procurement and outliving everyone. Enterprise DAM is quote-based — every tool in our government ranking is — and a quote collides awkwardly with public tendering, which wants a specification and comparable prices, on a budget cycle that may not care what your evaluation concluded in March. It is one reason a free or open-source DAM gets a serious hearing in the public sector when it would be waved off elsewhere: no seat count to defend at renewal. And public archives are long-lived in a way corporate ones are not. The collection outlives the staff who made it, the officer who chose the tool, the contract, and sometimes the vendor — so metadata portability quietly matters more than the feature list. What you keep when you leave a system is the part you will still have in ten years.

Where a DAM saves money here

  • Producing records on a deadline, not staging a fire drill. A request with a statutory clock is answered by searching one catalogue, rather than by three people opening shared drives for a week. What you avoid is staff hours under time pressure — and the sharper risk of missing something responsive because nobody could find it.
  • Disposition that actually happens. Retention schedules only work if something tracks them. A library that knows an asset’s age, its approval state and its retirement date lets you keep what must be kept and dispose of what should go — the far end of the asset lifecycle, instead of an archive that only ever grows because deleting feels riskier than hoarding.
  • Accessibility metadata written once, not per publication. Alt text and captions stored on the asset travel with it, so the next department to publish that photograph inherits the work rather than redoing it — or, more often, skipping it and shipping an image with an empty alt attribute.
  • An archive that outlives the people who built it. Staff turnover is real and procurement comes round again. Metadata embedded in open, standard fields means your successors — or your next system — inherit a catalogue, not a folder of mystery filenames and an expired licence.

How it plays out

An illustrative composite. The scenario below is not one named agency — it is a composite of the patterns we see, built entirely from capabilities we have tested and published. No invented benchmarks.

Picture a mid-sized city: a communications team of three, a parks department that shoots its own events, a public-information officer on the police side, and a library service that shares a photographer with the schools. The imagery sits on a shared drive, on two staff laptops, and in a cloud folder set up by somebody who has since left and whose account nobody wants to touch.

A records request arrives asking for photographs from a public event two summers ago. Nobody is certain which folder they are in, whether what is on the drive is the original or a resized copy somebody exported for a newsletter, or whether the set includes frames of children whose parents never signed anything. Answering consumes a week of three people’s attention, and the honest answer at the end is “this is what we found” — not “this is what exists.” Meanwhile the parks department commissions a shoot of a playground that was already photographed last spring, and a photo goes up on the city site with no alt text, because the caption someone wrote lives in an email thread.

In a DAM, that request is a search: date, event, department, approval state — and the audit trail shows who touched what and when, which is the difference between producing a record and asserting one. The frames that shouldn’t be released are marked that way before anyone asks, because consent was recorded at ingest instead of reconstructed under a deadline; keeping that split enforceable is what granular permissions are for in a public body. The retention date is a field, so material reaches disposition instead of accumulating. The saving isn’t a percentage we can invent — it is the difference between producing a record and hunting for one. To weigh that against tool cost, our business-case guide counts search time, rework and the cost of waiting.

The capabilities that matter most here

1. The deployment decision, made first

Before any feature: where is the data allowed to live? A vendor cloud that a federal buyer can accept needs an authorisation you can check, not a compliance page you can read — our government DAM ranking looked each vendor up on the FedRAMP Marketplace for precisely that reason, and the vendor’s claim and the listing did not always agree. If your data cannot leave a boundary your agency has already accredited, the vendor’s authorisation is moot and an on-premise deployment answers the question instead. Settle this before comparing anything else; it decides more than any feature will.

2. Findability and a defensible record

A records request is a search with a statutory clock on it. That needs consistent, enforced metadata rather than folder names in somebody’s head, and an audit trail that can show who did what to which asset and when. Pair it with the retention end of the asset lifecycle — disposition dates the system tracks and acts on — and the library can answer both halves of the obligation: produce what must be produced, and let go of what should go.

3. Metadata that travels with the asset

Alt text and captions are accessibility obligations, and they are metadata. Held in the CMS, they are recreated or skipped every time an asset is published somewhere new; embedded in the file’s standard fields, they travel with it. The same property decides whether your archive survives the next procurement, which is why we test metadata fidelity specifically: what a tool writes, and what it quietly drops on the way out.

4. Permissions and consent, not just security

Public bodies photograph people who never signed anything. That makes granular permissions a records control rather than an IT preference: some material is internal, some is releasable, and the library should know which is which before a request arrives rather than during one. It also earns a capability elsewhere sold as a headline a deliberate decision — running face recognition across an archive of citizens is not the same act as grouping your own staff photos, and for many public bodies the right configuration is off.

Buyer’s test: during the trial, run a records request against the pilot library. Pick an event and a date range you choose, and see whether you can produce every responsive asset — including the ones marked not-for-release — by searching, rather than by asking whoever remembers the folders. Then export that set and open the files somewhere else: are the alt text, captions, credits and consent notes you entered still in them? If a request is answered by a search and your metadata survives the export, the tool fits a public body. If the answer is “ask the person who set this up” and the export strips your fields, it doesn’t — whatever its compliance page says.

FAQ

Why does a government agency need a DAM and not just a shared drive?

Because a public body's photographs are records, not just marketing. When a public-records request, an audit or a legal hold arrives, you have to find what's responsive and produce it on a deadline you don't control - and a shared drive gives you folder names plus whoever remembers them. The other end of the lifecycle counts too: retention and disposition schedules say what must be kept and when it should go, so managing the asset lifecycle is a legal obligation rather than housekeeping. A drive can't track that. A catalogue with consistent metadata and an audit trail can.

Does a DAM for government have to be FedRAMP authorized?

Only if that is actually your framework, and for much of the public sector it isn't. FedRAMP governs federal use of cloud services, so a state agency, a city, a school district or a university often buys under a different framework entirely and shouldn't let a vendor's authorization decide its shortlist. And if the data never leaves a boundary your own agency has already accredited - a self-hosted install on your own infrastructure - there is no vendor cloud for that authorization to apply to. Work out which of the three situations you are in first, then compare tools. Your security office makes the binding call, not a vendor's compliance page.

How does a DAM help with FOIA and public-records requests?

By making the answer a search instead of an excavation. Consistent metadata - date, event, department, who shot it, whether it is releasable - means you can identify what's responsive rather than opening folders and hoping. An audit trail shows who touched which asset and when, which is what separates 'this is what exists' from 'this is what we found'. And because releasability can be recorded when the asset is ingested rather than reconstructed under a deadline, material that shouldn't go out is already marked before anyone asks for it.

We photograph children and members of the public. What should we look for?

Treat consent as metadata and permissions as a records control. The people in a public body's photographs frequently never signed a release - schoolchildren at an event, patients, service users, residents at a meeting - so the library needs to record what was agreed at the moment of ingest, and to keep internal-only material separate from anything releasable. It is also worth making a deliberate decision about face recognition: grouping faces across an archive of citizens is a different proposition from grouping your own staff photos, and the fact that a tool can do it doesn't settle whether your agency should switch it on.

Why does metadata portability matter more than features for a public archive?

Because the archive outlives the staff, the contract and possibly the vendor. Public collections are long-lived, people move on, and procurement comes around again - so the question isn't only what a tool does today but what you keep when you leave it. If alt text, captions, credits and consent notes are written into the file's standard metadata fields, the next system inherits a catalogue. If they only ever live in the vendor's database, the next team inherits a folder of mystery filenames. Test the export during the trial, not after you sign.

Sources & references

  1. Government DAM ranking (FedRAMP) — where we checked each vendor’s FedRAMP status on the marketplace rather than on their compliance page, and where the on-premise path is laid out for buyers whose data can’t leave their own boundary. July 2026.
  2. FedRAMP Marketplace — the public listing a federal buyer can check a specific product name against directly. We check listings; we don’t audit certifications ourselves. Accessed July 2026.
  3. On-premise DAM ranking and free & open-source DAM ranking — deployments that keep assets inside a boundary your agency already accredited, and the licensing end of the procurement question.
  4. Metadata fidelity testing — what a tool writes into standard fields and what it drops on export; the basis for the accessibility-metadata and portability points on this page.
  5. Audit trail and asset lifecycle — the record of who did what to an asset, and the retention-and-disposition end that makes lifecycle a public-sector obligation rather than housekeeping.
  6. Granular permissions and face recognition rankings — the access controls behind the releasable/internal split, and the capability that deserves a deliberate decision when the subjects are members of the public.

The deployment, findability, metadata and permissions capabilities are drawn from our testing and reviews; the composite city invents no agency, no budget and no numbers. FedRAMP, SOC 2 and ISO 27001 are named here only as things to demand evidence for — we audit none of them ourselves, per how we source claims. Nothing here is legal advice: your records officer and security office make the binding calls. See how we test.

Marta Kowalski · Lead DAM Reviewer
Marta has tested how DAMs record, retain and produce assets under access rules — the questions a public body has to answer to somebody else. Reviewed by James Tran.

Keep reading