Chapter 9.3 – Records Management

Home 9 Policy 9 Chapter 9.3 – Records Management
Back to Policies & Procedures
[ivory-search id="40" title="AJAX Search Form"]

This policy applies to our company employees, contractors and volunteers who create or maintain records, business systems, database applications and business applications on behalf of our company.

This policy provides the overarching framework for any other corporate information, management policies, procedures or guidelines.

Purpose

The purpose of this policy is to establish a framework for the creation and management of our company records.

Related Documents

Primary:

  • Nil

Secondary:

  • Civil Liability Act 2003
  • Electronic Transactions (Queensland) Act 2001
  • Evidence Act 1977
  • Information Privacy Act 2009
  • Judicial Review Act 1991
  • Local Government Act 2009
  • Local Government Regulation 2012
  • Public Records Act 2002
  • Public Sector Ethics Act 1994
  • Right to Information Act 2009
  • Corporate Records Disaster Preparedness and Management Plan
  • General Retention and Disposal Schedule
  • Information Security Policy
  • Local Government Sector Retention and Disposal Schedule
  • Queensland State Archives Records Governance Policy
  • Record Keeping Charter
  • Right to Information Policy
  • Privacy Policy

Policy Statement

Our company’s records are its corporate memory and as such are a vital asset that support ongoing operations and provide valuable evidence of business activities over time. Our company is committed to implementing best practice recordkeeping practices and systems to ensure the creation, maintenance and protection of accurate and reliable records.

Our company recognises its regulatory requirements as a public authority under the Public Records Act 2002. It is committed to the principles and practices set out in the Records Governance Policy, and other relevant Queensland State Archivist standards and guidelines.

All recordkeeping practices within our company are in accordance with this policy and its supporting procedures.

Complete and Reliable Records

Our company’s recordkeeping practices, processes and systems assist in making complete and reliable records. Complete and reliable records should be:

  1. Created to document and facilitate the transaction of Company business.
  2. Captured into the corporate recordkeeping systems.
  3. Adequate for the purposes for which they are created and kept.
  4. Complete in content and contain the structural and contextual information necessary to document a transaction.
  5. Meaningful with regards to information and/or linkages that ensure the business context in which the record was created and used is apparent.
  6. Accurate in reflecting the transactions, activities or facts that they document.
  7. Authentic in providing proof that they are what they purport to be and that their purported creators did actually create them.
  8. Inviolate through being securely maintained to prevent unauthorised access, alteration, removal or destruction.
  9. Accessible by being kept in a format that allows their continued use.
  10. Useable through being maintained so that they are identifiable, retrievable and available when needed.
  11. Retained for as long as they have administrative, business, legislative, historical and cultural value.
  12. Preserved by being stored, protected and maintained.

Protection of Records

Records are preserved and maintained over time for as long as required to meet administrative, legal, fiscal and archival requirements.

The Corporate Records Disaster Preparedness and Management Plan has been developed to document the risk mitigation and preparation actions, and the rehearsed recovery procedures in the event of a disaster impacting our company’s records.

Access to Records

All records received or created within or on behalf of our company are official records that belong to our company and, subject to the considerations shown in this clause, are to be discoverable and accessible as authorised.

An employee’s level of access to records is relevant to:

  1. Position responsibilities and requirements;
  2. Level of delegated authority;
  3. Privacy considerations;
  4. Legal professional privilege;
  5. Commercial-sensitivity; and
  6. Other specific considerations where confidentiality restricts the normal right of access to records.

Authorisation from the CEO may be required before access is granted.

The Information Security Policy and related policy documents detail the access requirements and restrictions regarding our company’s records.

Our company is required to comply with legislation that permits access to its records by members of the public and authorised external agencies, or as part of a legal process such as discovery or subpoena. Enquiries or applications for access to our company’s records are considered in accordance with our company’s Right to Information Policy.

Retention and Disposal of Records

In general, it is an offence to destroy any public record without authorisation from the State Archivist. Unless otherwise authorised, all records must be retained and disposed of in accordance with the Local Government Sector Retention and Disposal Schedule. This Schedule is used in conjunction with the General Retention and Disposal Schedule.

Retention of Records

Records must be appraised for possible continuing archival value. That is, records with legal, historical or cultural significance to our company and the community must be retained permanently in Company’s Records Collections or State Archives.

Any records subject to legal processes such as discovery and subpoena or required for internal or external review or investigation or relevant to an application made under the Right to Information Act 2009 must be protected and not destroyed even if the retention period has passed.

Disposal of Records without Reference to a Retention and Disposal Schedule

Ephemeral records (that is items of short-term temporary informational value that are not required to be kept as records) may be destroyed at any time without reference to a retention and disposal schedule. These records which may include announcements of social events, duplicate copies or extracts of documents kept only for reference, copies of circulars, forms, etc, can be disposed of as part of normal office administrative practice.

Where the official version of a record is verified as being already maintained in our company’s recordkeeping system a copy may be destroyed/disposed of, in the appropriate manner, at any time without reference to the Retention and Disposal Schedules.

Recordkeeping Systems

Our company’s primary recordkeeping system, ECM, is the internal recordkeeping system where all corporate administrative records are captured and stored. Paper-based records received by our company are captured within this system through digital imaging. Paper files are only created and maintained for particular classified records (in accordance with the Information Security Policy) or by special arrangements with the Records Management Unit.

While ECM constitutes our company’s preferred primary recordkeeping system for all corporate administrative records, there are a number of other information systems, databases, software applications and paper based systems which operate outside ECM and function as recordkeeping systems.

Our company’s recordkeeping systems are dedicated to creating and maintaining authentic, reliable and useable records which meet the needs of internal and external stakeholders. Records are maintained for as long as they are required to effectively and efficiently support our company’s business functions and activities.

All of our company’s records must be created and maintained within the preferred recordkeeping systems. Records must not be stored/maintained in network drives (for example O and P drives), local hard drives, electronic mail boxes (Outlook, PST files) or other storage devices. These electronic storage facilities do not contain recordkeeping functionality to ensure records are captured and managed in accordance with sound recordkeeping principles.

Our company’s recordkeeping systems manage the following processes:

  1. Creation and capture of records;
  2. Storage of records;
  3. Protection of record integrity and authenticity;
  4. Security of records;
  5. Access to records;
  6. Disposal of records in accordance with retention and disposal schedules.

Recordkeeping Responsibility

CEO:

The CEO is responsible for ensuring our company’s compliance with the Public Records Act 2002 and the principles and standards established by Queensland State Archives, and include:

  1. Accounting for recordkeeping and recordkeeping systems within our company to Ministers, Parliament and others as required;
  2. Assigning recordkeeping responsibilities within our company;
  3. Providing appropriate resources to maintain recordkeeping systems and processes;
  4. Ensuring recordkeeping systems are in place and produce complete and reliable records;
  5. Ensuring recordkeeping requirements are included in all business undertaken by our company;
  6. Taking all reasonable steps to implement recommendations made by the State Archivist;
  7. Actively promoting and supporting a positive recordkeeping culture throughout our company;
  8. Ensuring employees, contractors and volunteers are aware of their recordkeeping responsibilities.

These responsibilities are delegated to relevant positions in accordance with the provisions set out below.

Information and Communication Technology

The Information Technology Services Unit shall:

  • Provide the technical infrastructure required for recordkeeping;
  • Provide technical support for the recordkeeping systems;
  • Provide expert advice on information technology for recordkeeping strategies in an electronic environment;
  • In partnership with Records Management employees; develop, manage and monitor the technical aspects of:
  1. Disaster preparedness and recovery strategies and procedures;
  2. Records and systems migration strategies and procedures; and
  3. Regular backups for records and recordkeeping systems and business systems that create and store records;
  • Manage the security mechanism for the protection from unauthorised access to information in electronic form.

Records Management Unit

The Records Management Unit shall:

  • Develop and implement recordkeeping processes;
  • Identify recordkeeping requirements in consultation with other organisational units;
  • Consult with Queensland State Archives in relation to policy and Information Standards development;
  • Make, keep and preserve complete and reliable records that document business transactions within compliant and accountable recordkeeping systems;
  • Train our company employees in relation to recordkeeping obligations, processes and procedures;
  • Ensure strategies and procedures exist to identify and locate records;
  • Develop and maintain recordkeeping administration for our company’s primary recordkeeping system;
  • Develop and implement an internal recordkeeping framework, including policies, standards, procedures and tools;
  • Identify and manage vital corporate records with regard to the relevant storage parameters and accessibility standards;
  • Develop, manage, test and review disaster preparedness and recovery strategies and procedures for all records, including electronic records.

Managers and Supervisors

All managers and supervisors shall:

  • Ensure complete and reliable records are made and captured into the relevant record and business systems that create and maintain records;
  • Ensure recordkeeping systems underpin and support business processes and report any deficiencies to the Manager Corporate and Technology Services; and
  • Monitor employee, contractor and volunteer compliance with our company’s recordkeeping processes and practices.

Employees

The capture and recording of our company records is the responsibility of all Council employees, including our company contractors and volunteers and includes the following:

  1. Create complete and reliable records of our company business in accordance with the Public Records Act 2002.
  2. Comply with all policy documents introduced to foster recordkeeping best practice throughout our company in compliance with the Records Governance Policy.
  3. Capture our company records into the relevant recordkeeping system at the time of creation or receipt.
  4. Keep records for as long as they are required for business, legislative, accountability and cultural purposes.

Refer to the Recordkeeping Charter for further details regarding responsibilities and process timelines.

Records Steering Group

The Records Steering Group is made up of representatives from each department in our company.

The role of the group is to discuss and troubleshoot recordkeeping matters and provide recommendations for process improvements.