Skip Navigation

Records Management Procedures

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the pale grey navigation bar above.

Section 1 - Definitions

(1) The Definitions listed in the Records Management Policy apply to this Procedure. In addition, the following definitions also apply:

  1. Retention and Disposal Authority are documents issued by the State Records Board NSW that specify the time periods for which particular classes of Records must be retained.

Section 2 - Procedures

(2) A Record is of corporate value and needs to be saved in a Corporate Records Management System when it relates to University business and meets one or more of the following criteria:

  1. it is written, received or used in the course of business dealings;
  2. it approves or authorises action/s;
  3. it signifies a policy change or development;
  4. it commits the University to an arrangement or business deal;
  5. it contains advice or guidance for people inside or outside the University; and/or
  6. it requires an action.

(3) All Records at the University must be managed through one of the following:

  1. the electronic document records management system;
  2. the Corporate Records Management System maintained by the Corporate Records Unit; or
  3. a local business system or procedure approved by the Corporate Records Unit.

(4) If using a system that is not the Corporate Records Management System maintained by the Corporate Records Unit, the relevant Head of Work Unit must ensure the alternative system satisfies the State Records Act 1998 (NSW), and includes system backup and disaster recovery practices. This determination should be made before adopting the alternative system and after consultation with the Corporate Records Unit and Technology Services about the suitability of the system.

(5) Work units should contact the Corporate Records Unit at the procurement stage when planning to purchase or develop local business systems to ensure that Records Management requirements are incorporated.

Creating and capturing Records

(6) Staff and Third Parties must ensure that they create Records of all decisions and actions made in the course of their official business. This may include, but is not limited to, emails, correspondence, data in computer or information systems, videos, and electronic data.

(7) Each Work Unit is responsible for liaising with the Corporate Records Unit to define their unit's Records Management requirements. Work units may create local guidelines to ensure that their Records Management suits their activities and is consistent with the Records Management Policy and other relevant Procedures.

(8) Heads of Work Units are responsible for identifying additional legislative or government compliance that applies to their area or activity (for example, the Health Records and Information Protection Act 2002 (NSW) and the Government Information (Public Access) Act 2009). Staff should contact the Legal Office for specific advice.

(9) Records must be captured by one of the recordkeeping systems listed in clause (3) as soon as they are created. Each Record will have a defined list of authorised users who must be able to access the Record at all times.

(10) To preserve the integrity of Records, no additions or alterations may be made to an existing Record. If additions or alterations are required, a subsequent version of the original Record should be created using the same recordkeeping principles as applied to the original.

(11) The Corporate Records Unit will manage the ongoing retention of all Records in accordance with Retention and Disposal Authorities.

Physical Records

Storage

(12) Physical Records must be stored in secure storage areas in each work unit, with access restricted to authorised staff. Where physical Records are stored with an individual employee they must be made available to authorised staff only at all times.

(13) The Corporate Records Unit is responsible for advising work units on the guidelines for labelling and storage of physical Records.

(14) Physical Records that are no longer considered current or in use for official business purposes, but that are still required to be retained in accordance with Retention and Disposal Authorities, may be stored in the Corporate Records Unit.

(15) No physical Records will be stored outside of University-controlled premises without prior approval from the Vice President, Operations or approved delegate.

Transfer

(16) On request from work units, the Corporate Records Unit will arrange for physical Records that are not required or only infrequently used for business purposes, but which still need to be retained according to the Retention and Disposal Authorities, to be transferred from work unit offices to the Corporate Records Unit.

Maintenance and monitoring

(17) The location of physical Records must be able to be easily ascertained so that they can be accessed for business needs, if required. For this reason, movement between physical locations or work units needs to be recorded and the physical location of the Record updated each time a Record is moved.

(18) The Corporate Records Unit will manage the movement of Records, and staff must request the movement of Records in their own custody via the Corporate Records Unit, including when passing a Record in their possession to another Staff member.

Electronic Records

Maintenance

(19) The Corporate Records Unit will establish the rules of the Electronic Document Record Management System to ensure compliance with the State Records Act 1998 (NSW).

(20) Data migrations must be authorised by the Vice President (Operations) and must produce authentic, complete, accessible and useable Records in order to comply with the General Retention and Disposal Authorities — Source Records that have been Migrated (GA33).

Third Parties

(21) All Records created by Third Parties performing work on behalf of the University are State Records and belong to the University.

(22) All Third Party contracts will clearly state:

  1. that ownership of Records resides with the University,
  2. that Third Parties must comply with the Records Management Policy and Procedure as its relates to their work for the University.

External access

(23) Access to Records will not be provided to parties external to the University unless authorised by the Legal Office and permissible under a University directive, Policy, or where authorised or required by law.

(24) All access to Records by members of the public, including requests made under the Government Information (Public Access) Act 2009 or Privacy and Personal Information Protection Act 1998, must be referred to the Legal Office.

(25) Provision of original physical Records should be avoided and, where possible, copies provided.

Retention and Disposal

(26) The Corporate Records Unit may determine that a Record be permanently retained as a State archive based on an appraisal in line with the relevant Retention and Disposal Authority.

(27) Records can only be disposed of with the approval of the Corporate Records Unit, who will ensure disposal occurs according to the relevant Retention and Disposal Authority, or other legal means.

(28) Records can only be designated for retention, destroyed or transferred with the prior authorisation of the Corporate Records Unit.

(29) Disposal of all Records (both electronic and physical) must be undertaken in a secure manner in accordance with the State Records Destruction of Records Guideline.

(30) The Legal Office may direct the Corporate Records Unit to suspend authorised destruction of Records subject to any legal proceedings.