View Document

Records Management Procedure

This is not a current document. It has been repealed and is no longer in force.

Section 1 - Background and Purpose

Preamble

(1) The University is committed to making and maintaining information and records that fully and accurately reflect its business activities, and undertakes to provide its staff with appropriate guidance, tools and services to ensure its recordkeeping commitments are achieved.

General

(2) Records and Archives Services (RAS) is responsible for coordinating the University records management program, including setting standards, and providing training and advice.

(3) The University follows sound standardised processes for the:

  1. The creation and capture of records;
  2. The maintenance and management of records;
  3. The storage of records;
  4. The protection of record integrity and authenticity;
  5. The security of records; and
  6. Access/Retrieval of records.

(4) This procedure applies to:

  1. all aspects of University business, all records created during business transactions, and all business applications used to create records including email, database applications and websites.
  2. the management of records, in all formats and maintained on different media including hardcopy and electronic, created or received by the University in support of its business, activities and transactions.
Top of Page

Section 2 - Scope

(5) Refer to the Records Management Policy.

Top of Page

Section 3 - Policy Statement

(6) Refer to the Records Management Policy.

Top of Page

Section 4 - Procedures

Creation, Management and Control

(7) The University must ensure:

  1. Full and accurate records of all University activities and decisions are systematically created by authorised people or systems to meet business needs, accountability requirements and community expectations. 
  2. Authentic records of all University activities and decisions are consistently captured by robust and compliant systems. 
  3. Public records are correctly and clearly associated to the relevant times, people, systems, processes and events to ensure they are reliable evidence of what occurred. 
  4. Public records are preserved for future use at the time of their creation and capture through effective strategies, methods and formats.
  5. Systems that capture public records maintain the integrity of the records as evidence, protecting them from undetected and unauthorised alteration.

(8) The University must ensure:

  1. Metadata elements needed for the structure, context and management of business records to be used and understood over time are captured, maintained and connected with the records.
  2. Business records are classified in accordance with business classification schemes that are aligned and mapped to access controls and disposal programs. 
  3. Business records are accurately tracked using systems that create, capture and maintain information about the movement of and actions on records.

Staff Responsibility

(9) University staff must:

  1. Be aware of and act on the recordkeeping obligations and responsibilities that relate to their duties. This involves:
    1. understanding the functions of their role and organisational area within the University and the records required to support those functions
    2. knowing the legislative and University policy requirements about recordkeeping in relation to their duties
    3. understanding how information needs to be shared between staff to support business efficiency
    4. understanding the risks involved in activities and what records may need to be kept for evidence purposes
    5. following local records-management processes.
  2. create and capture records of their daily work. This will include records for the following business activities:
    1. approval or authorisation
    2. guidance, advice or direction
    3. information relating to projects or activities
    4. formal business communications to and from external parties, students and other staff.
  3. ensure that University records are full, complete, accurate, meaningful, and adequate for the purpose for which they are kept.
  4. capture University records into the appropriate recordkeeping systems in line with this procedure, associated guidelines and local processes.

Recordkeeping Systems

(10) All information created or received in the conduct of University business should be considered a public record and therefore captured into a recordkeeping system.

(11) It is important that records and documents are stored correctly to:

  1. ensure easy access to and retrieval of information
  2. facilitate sharing documents and collaborative work
  3. comply with legislative requirements for recordkeeping
  4. assist with business continuity and the maintenance of corporate knowledge, and
  5. minimise duplication.

(12) The University maintains a comprehensive Electronic Document and Records Management System (EDRMS). An EDRMS is used to capture, maintain, manage and store University records, irrespective of format.

(13) There are also a number of systems that may generate records which operate outside of the EDRMS

(14) Business Systems include automated systems that create or manage data of University activities. They include applications whose primary purpose is to facilitate transactions between an organisational unit and its customers - for example, a student management system, purpose-built or customised database, finance management or human resources systems.

(15) The following "systems/tools" do not provide adequate recordkeeping functionality and should not be used to store University records:

  1. Hard copy systems not controlled by the University’s EDRMS
  2. Email folders
  3. Local PC drives, portable storage devices; and
  4. Shared (network) drives

Managing Email

(16) Staff must manage email containing information relating to a business transaction or decision as a University record and according to the policies and procedures of the University.

(17) University email documents the business activities of the agency. Examples of corporate emails include:

  1. a communication between staff in which formal approval is recorded
  2. a direction for an important course of action
  3. business correspondence received from outside the agency
  4. University email must be retained for as long as is determined by records management requirements.

(18) Ephemeral email is email which facilitates business but which does not need to be retained as a record. Examples include:

  1. meeting notices
  2. copies of minutes
  3. copies of reports or newsletters
  4. staff movements
  5. advertising material and any other publicly available material
  6. internal work-related email received by ‘carbon copy’ (cc) or ‘blind carbon copy’ (bcc).

(19) While staff may store records in email systems in the short term, corporate records must be retained and managed on an appropriate corporate file in the EDRMS approved local recordkeeping system for longer term storage.

(20) Native email systems, i.e. Microsoft Outlook, are not sufficient as recordkeeping systems.

  1. Emails which form part of the corporate record should be able to be read by anyone who has sufficient access privileges. But many email systems only allow the recipient or the creator of emails to access those messages.
  2. Records should not be able to be altered (or only in an authorised fashion), otherwise they may not be considered reliable evidence. Many email systems allow users to alter their message after they have been sent or received.
  3. Email Archiving or Vaulting does not have the controls and management requirements of a compliance EDRMS. In many cases Vaulting causes difficulties with the retrieval and storage of the record as it separates the email metadata from the content.

Digitisation

(21) Also known as imaging or scanning, digitisation is the means of converting hard-copy or non-digital records into digital format. Hard-copy or non-digital records include audio, visual, image or text. Digitisation may also be undertaken by taking digital photographs of the source records, where appropriate.

(22) The digitisation of records does not automatically mean they can be destroyed. The University is obligated to meet a set of measurable requirements which define the criteria for the digitisation of records which includes the development on an approved digitisation plan.

Records Protection and Security

(23) University records are required to be accessible unless there is a clear reason for them not to be. 

(24) Records Protection and Security is concerned with the following:

  1. Confidentiality: ensuring that information is accessible only to those authorised to have access.
  2. Integrity: safeguarding the accuracy and completeness of information.
  3. Availability: ensuring that authorised users have access to information when required.
  4. Responsible use: ensuring that controls are in place so that users of IT systems are not able to adversely affect other users or other systems.
  5. Compliant Use: meeting legal and contractual obligations.

(25) The University staff member who creates or receives the record is responsible for the assessment and application of the appropriate protection and security requirements.

(26) Groups or types of records that may require alternate procedures include those whose unauthorised access, disclosure, loss of integrity, or unavailability may:

  1. Seriously damage, or compromise, the success or adversely affect the viability, of a commercial venture or law enforcement process;
  2. Cause distress to, or threaten, an individual (i.e. records containing personal information, e.g. HR personnel files, MCH, Aged or Youth records);
  3. Have specific legislative restrictions or requirements;
  4. Cause serious financial damage to and/or lead to litigation against the agency; and/or
  5. Cause serious loss of public confidence.

Records Storage

(27) Records and Archives Services (RAS) implements a storage program for records which has the following key benefits for the University:

  1. Records remain usable and accessible by the agency for the duration of their retention period as they are consistently monitored and maintained whilst in storage;
  2. Effectively manage and recover from disasters as operations are aligned to and cater for the different circumstances of different types of records and business units or organisation’s involved;
  3. Facilities for the storage of records (including shelving and other equipment) are effectively maintained and meet ongoing building, safety and other requirements; Staff know what records are stored where, so they are able to identify and retrieve them efficiently; and Anticipated future storage needs can be catered for.

(28) There are a number of factors that influence decisions regarding the storage of University records. These include (but are not limited to) the following:

  1. The age of the record: Whether the record is created and managed using current systems and processes, or using a previous system that may no longer be supported, will have an impact on what will be needed for the record to be managed appropriately whilst in storage.
  2. The media and format of the record: Whether the record is a paper file, a large volume, a building plan, a CD-ROM, a word-document, an excel spreadsheet, an access database, or a website, for example, will have an impact on what will be needed for the record to be managed appropriately whilst in storage.
  3. Anticipated use of the record: Whether the record is current, semi-current, or non-current will influence how often the record may need to be retrieved, and will therefore have an impact on what will be needed for the record to be managed appropriately whilst in storage.
  4. Retention period of the record: How long the record needs to be kept before it can be disposed of will have an impact on what will be needed for the record to be managed appropriately whilst in storage.

Records Retrieval

(29) Records and Archives Services (RAS) implements sound procedures for the tracking and retrieval of University records. 

(30) Business, freedom of information requests, and other requirements are more effectively addressed as the location of records is known and retrieval processes are efficient.

(31) Tracking the movements of University records enhances identification and retrieval and enables queries to be addressed efficiently as the location of business records can be established quickly and accurately.

(32) The University places a strong emphasis on managing the risks associated with the preservation and retrieval of records, regardless of their format and location.

High Value Records

(33) Records can be considered high value if they are determined to be of:

  1. Permanent value
  2. Business value

(34) Records determined to be of a permanent value are to be transferred to the Public Record Office Victoria as part of the State Archives.

(35) Records determined to be of a business value are critical to enabling the University to:

  1. undertake and continue its functions
  2. make good decisions
  3. service clients
  4. maintain or enhance its reputation
  5. respond to commissions, enquiries, audits, investigations and legal issues

High Risk Records

(36) Records can be considered high risk if they are not being managed appropriately.

(37) Risks for record keeping can be attributed to:

  1. Risks relating to the security of the record and the information it contains; or
  2. Risks to the records continuing to be available, readable and useable for the duration of its retention period.
Top of Page

Section 5 - Definitions

(38) For the purpose of this Procedure:

  1. Access (AS ISO 15489.1-2002, s3.1): Right, opportunity, means of finding, using, or retrieving information.
  2. Business Classification Scheme (BCS) (PROV Master Glossary): A master plan, or structure, within which information can be categorised. A classification scheme creates an organisational structure for information. 
  3. Capture (AS 4390.1 -1996, s.4.7): a deliberate action which results in the registration of a record into a recordkeeping system. For certain business activities, this action may be designed into electronic systems so that the capture of records is concurrent with the creation of records.
  4. Digitising (PROS 11/07 G1): The process of converting a physical record to a digital representation.
  5. Document (Freedom of Information Act 1982, s.5, Interpretation of Legislation Act 1984, s.38, Evidence Act 1958, s.3):
    includes, in addition to a document in writing—
    1. any book, map, plan, graph or drawing; and
    2. any photograph; and
    3. any label marking or other writing which identifies or describes anything of which it forms part, or to which it is attached by any means whatsoever; and
    4. any disc, tape, sound track or other device in which sounds or other data (not being visual images) are embodied so as to be capable (with or without the aid of some other equipment) of being reproduced therefrom; and
    5. any film, negative, tape or other device in which one or more visual images are embodied so as to be capable (as aforesaid) of being reproduced therefrom; and
    6. anything whatsoever on which is marked any words figures letters or symbols which are capable of carrying a definite meaning to persons conversant with them; and
    7. any copy, reproduction or duplicate of anything referred to in paragraphs (i) to (vi); and
    8. any part of a copy, reproduction or duplicate referred to in paragraph (viii)

      - but does not include such library material as is maintained for reference purposes;
  6. Metadata (AS ISO 15489.1-2002, s.3.12): Data describing context, content, and structure of records and their management through time
  7. Movement (PROV Master Glossary): Change of location. This includes a change of location from one system to another, from one storage location to another, from one user to another, from one agency to another, or one business unit to another.
  8. Non-current Records (PROV Master Glossary): ‘Records no longer needed by their office of origin to conduct current business’
  9. Public Record (PROV Master Glossary):
    1. any record made or received by a public officer in the course of his duties; and
    2. any record made or received by a court or person acting judicially in Victoria—
      but does not include—
      1. a record which is beneficially owned by a person or body other than the Crown or a public office or a person or body referred to in s. 2B [of the Public Records Act 1973]; or
      2. a prescribed record held for the purpose of preservation by a public office to which it was transferred before the commencement of the Arts Institutions (Amendment) Act 1996 by a person or body other than the Crown or a public office; or
      3. a record, other than a prescribed record, held for the purpose of preservation by a public office to which it was transferred, whether before or after the commencement of the Arts Institutions (Amendment) Act 1994, by a person or body other than the Crown or a public office.
  10. Recordkeeping (PROV Master Glossary): ‘Making and maintaining complete, accurate and reliable evidence of business transactions in the form of recorded information.
  11. Records (AS ISO 15489.1-2002, s.3.15): Information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations, or in the transaction of business.
  12. Records Management (AS ISO 15489.1-2002, s.3.16): Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the forms of records.
  13. Records System (AS ISO 15489.1-2002, s3.17): Information system which captures, manages and provides access to records over time
  14. Retrievable (PROV Master Glossary): ‘Process of recovering specific documents from a store’. This requires accurate identification of the record, including its location, access status, and that the information contained on the record is readable.
  15. Registration (AS ISO 15489.1-2002, s.3.18): Act of giving a record a unique identifier on its entry into a system.
  16. Storage Area (PROV Master Glossary): A vault, cupboard, room, shelves, or compactus whose primary purpose is to store current and semi-current records.