Records Management Policy

19 June 2015

Foreword

As a Commonwealth agency, DFAT has an obligation to maintain good records of its business activities for legal and efficiency purposes. Our records are vital assets that support our operations, enabling us to access the information we require and to preserve our corporate memory. They enable us to operate efficiently and to meet our accountability and compliance requirements. Sound recordkeeping practices are essential for DFAT to be a well-managed organisation. To these ends, the DFAT Records Management Strategic Plan 2015-2019 provides the vision for the department’s records management program.

This policy supports the Strategic Plan and articulates the policy framework which will be adopted within DFAT for managing requirements for adequate recordkeeping of business activities and decision-making. Individual recordkeeping responsibilities applying to all staff and contractors are stipulated and mandatory. This policy supersedes all previous recordkeeping and records management policies.

This policy establishes a framework for the creation, capture, management and use of complete and accurate records in all formats, however in accordance with the whole-of-Government Digital Transition Policy the policy supports the transition from paper to digital recordkeeping. The policy also endorses the principles of digital continuity for electronic records to ensure that records are complete, available and useable for as long as needed by all potential users, including for purposes beyond the intended original use.

The potential benefits of digital recordkeeping are broad-ranging, from individual to departmental level. At the individual level, recordkeeping tasks including filing can potentially be automated and made transparent to staff conducting their core business. Reduced time thinking how and where to file or find a document, along with version control, ready access, reusability and other benefits of working digitally, provides more time to focus on core work. Where feasible, automated records capture also ensures that they are created and managed appropriately. Potential benefits of digital recordkeeping are outlined in detail at Appendix D of the policy.

A Records Management Manual supports this policy and provides a single reference source for detailed instructions, procedures and guidance on the management of specific types of records and use of the EDRMS. The manual is located on the DFAT intranet so that it is accessible by all staff and will be regularly updated.

Compliance with this policy is mandatory for all staff including contractors. All officers working for the department have a responsibility to follow this policy and to maintain sound recordkeeping practices in their daily work.

Peter Varghese
Secretary
Department of Foreign Affairs and Trade

Table of Contents

1. Purpose

The purpose of this Records Management Policy is to provide direction to staff for the creation, maintenance, storage and disposal of records and associated metadata within the Department of Foreign Affairs and Trade (DFAT).

This policy, together with the Strategic Plan for DFAT Records Management 2015-2019, and the Records Management Manual, will ensure that complete and accurate records of DFAT’s business activities are available and accessible for as long as required for operational, accountability and compliance purposes. The detailed Records Management Manual supporting this policy is intended to ensure that DFAT undertakes best practice records management processes during the policy’s period of application, specifically as the department continues the transition from paper-based processes and recordkeeping to a predominantly electronic recordkeeping environment.

This policy replaces the DFAT Recordkeeping Policy dated 9 August 2012.

2. Policy Statement

DFAT’s records are its corporate memory and a vital asset for ongoing accountability. Good recordkeeping is critical to corporate governance and operational efficiency, provides essential evidence of business activities and transactions, and demonstrates accountability and transparency in DFAT’s decision-making processes.

DFAT is committed to implementing and maintaining best practice recordkeeping policy, practice and procedure.

DFAT recognises its legislative and regulatory requirements as a Commonwealth agency under the Archives Act 1983. It is committed to meeting the principles and practices set out in the following whole-of-Government policies and standards endorsed by the National Archives of Australia (NAA):

  • the whole-of-Government Digital Transition Policy (DTP)
  • the whole-of-Government Digital Continuity Policy (DCP)
  • the International and Australian Standard for Records Management (ISO 15489)
  • the Australian Government Recordkeeping Metadata Standard (AGRkMS)
  • the Principles and Functional Requirements for Records in Electronic Environments (ISO 16175).

All staff within DFAT, including locally engaged staff (LES) and contractors, are responsible for recordkeeping. All staff must, therefore, be aware of their obligations under this policy and take reasonable action to ensure ongoing compliance. Non-compliance with the recordkeeping policy may result in action, ranging from counselling to formal disciplinary proceedings.

Records created in DFAT must be complete and accurate, as defined in ISO 15489. They must:

  • enable current and future DFAT staff to take appropriate action, and make well-founded decisions based on the records in their day to day operations
  • enable an authorised person to examine the conduct of DFAT business
  • protect the financial, legal and other rights of DFAT
  • protect people affected by DFAT’s actions and decisions.

3. Authority

This policy has been approved by the Secretary, DFAT and is the authority for recordkeeping and records management within DFAT. It shall remain valid until such time as amended, revoked or otherwise superseded by the direct authority of the Secretary.

4. Review Date

This policy is due for review in 2017 in line with the mid-point of the Strategic Plan for DFAT Records Management 2015 – 2019.

5. Scope

This policy applies to all records and associated metadata from the time of creation or capture and covers:

  • all DFAT staff, regardless of employment type
  • all aspects of DFAT’s business operations
  • all types and formats of records created to support business activities
  • all business applications used to create records
  • organisations and businesses, including their employees, to which DFAT has outsourced its functions or activities, and therefore associated recordkeeping responsibilities.

This policy does not relate to records created by any other agencies, except where they form part of a DFAT business transaction.

6. Definition of a Record

Records are evidence of business conducted by an organisation. Any reference to a record in this policy refers to records in any format as defined in the Archives Act 1983. The Glossary of Terms at Appendix A includes Complete and Accurate Record(s), which highlights characteristics that differentiate a record from other types of information and provide for a record to be admissible as evidence.

DFAT staff are responsible for keeping a record of business transactions conducted as part of their duties for the department. Examples of business transactions include documenting actions, events, conversations or other transactions where they provide evidence of formal advice or directions, or significant decisions. Records can be in any format. This includes but is not limited to:

  • Hard copy or electronic documents – e.g. Word, Excel, Power Point
  • Paper or electronic files – e.g. EDRMS containers
  • Electronic messaging – e.g. Email, voicemail, instant messaging (including Lync), SMS (short message service), multimedia message service (MMS)
  • Social media – e.g. Twitter, Facebook, LinkedIn, blogs, wikis, discussion boards/forums
  • Web content – e.g. public websites, intranet
  • Photographs – e.g. official photographs documenting business activities, Flickr
  • Videos – e.g. YouTube, Vimeo, video conferencing, teleconferencing, video instant messaging and podcasts
  • Data in business systems – e.g. PeopleSoft, SAP, AidWorks, PICS (Passport Issue and Control System), CIS (Consular Information System, and CMIS legacy records)
  • Models, plans and architectural drawings

SharePoint and social media are relatively new forms of collaboration and communication for the department. Staff who use these tools for their work should be aware that content published in this media may constitute a record as defined in this policy. Advice documents issued by the Corporate Records Section regarding the capture of records and associated metadata, from communications conducted via social media platforms, are provided on the intranet and are to be followed.

For a record in digital format to be meaningful and to serve as admissible evidence of a business transaction, associated metadata needs to be captured or created with the record to provide adequate context and to support its authenticity and management over time. Along with other provisions, as set out in the relevant areas of this policy, minimum metadata standards set by the NAA in the Australian Government Recordkeeping Metadata Standard are to be met. This will help to ensure that DFAT’s business, accountability and archival requirements are met in a systematic and consistent way, and that digital records are described, reliable, meaningful, admissible as evidence, accessible, sharable and re-usable for as long as they need to be retained.

7. Digital Transition Policy

In line with the Government’s DTP, DFAT is transitioning away from a predominantly paper-based records management system to digital recordkeeping, primarily for efficiency purposes. This means the majority of DFAT’s records will be created, stored and managed digitally, and where feasible paper records will be scanned to reduce the number of paper files.

Where paper files that are overdue for disposal exist, sentencing and disposal will be conducted as resources permit using records authorities issued by the NAA to reduce paper-based holdings.

Hybrid files (containing paper and digital records) will be phased out through the archiving process during the current Records Management Strategic Plan period (2015-2019). To ensure business, accountability and archival requirements are adequately catered for, a review of active hybrid files and remediation action will be conducted by Corporate Records Section in coordination with relevant stakeholders (eg. business area, system and process owners) as required. In light of the DTP, no hybrid files are to be created in DFAT from the date of the publication of this policy.

New or reviewed business systems and processes must be designed to support digital recordkeeping, including automated/transparent records capture, as far as practicably possible.

Advice documents issued by the Corporate Records Section regarding the creation of authentic, complete and accessible image copies of records, and the compliant management of the original document after scanning, is to be followed. This advice includes:

  • coverage of technical and legislative requirements to preserve official records of enduring evidential or informational value for future reference
  • an outline of the existing legal framework in the Australian Federal Government jurisdiction that supports tendering digital images of records for legal proceedings or for other evidentiary purposes
  • how to manage and dispose of source records after they have been scanned
  • exclusions regarding records that have been designated to be always retained in original format, and/or source records that cannot be destroyed after scanning.

Exceptions to the creation of, conversion to and management of records (files and documents) in digital format (including hybrid files) require a business case to do so and/or authorisation from the Director, Corporate Records Section (COR).

8. Digital Continuity Policy

In line with the Government’s DCP, developed to build on the foundations of the DTP, DFAT is embracing an approach to keeping and managing digital records and associated metadata to ensure that they are complete, available and can be used for as long as needed, including beyond their original business use.

The DCP requires that:

  • records and information created are complete, accurate, up-to-date, discoverable and usable by those with legitimate need, interoperable across the Commonwealth, and available and usable for as long as needed and not kept any longer than required
  • business transactions and decisions are recorded digitally, using digital authorisations and workflows by default wherever possible
  • business systems creating, capturing and/or managing records protect information from unauthorised alteration, deletion or misuse, and comply with ISO 16175
  • minimum metadata standards set by the NAA are met to ensure that digital content is described, sharable, admissible as evidence and re-usable
  • standard professional information and records management specialist qualifications, skills and capabilities set by the NAA are met
  • DFAT reports annually to the NAA on progress in digital information management capabilities and maturity.

9. Authorised Recordkeeping Systems

The EDRMS is the primary recordkeeping system for DFAT for the management of both physical and electronic records (documents and files/containers) along with the required associated metadata.

DFAT records (irrespective of format) stored in shared drives, personal drives, email folders, SharePoint sites, the Cloud, local applications, cabinets, workstations and on backup disks or drives are not compliant with DFAT’s recordkeeping obligations.

These drives and locations do not capture sufficient metadata to meet the legal recordkeeping retention and disposal requirements, and/or do not allow records to be widely searchable or accessible to all who need them, are not authenticated and are not secure from alteration or deletion.

This business information remains non-compliant until it is registered as a record in the EDRMS or an authorised business system (assessed for records management functionality against ISO 16175 and approved by the Director, Corporate Records Section), as required.

Shared network drives are not authorised for the storage and management of records. Records are not to be stored on shared network drives without approval from the Director, Corporate Records Section, based on a business case that justifies doing so.

A Business Information System is an information reporting and/or transaction system used within DFAT. Business information systems are not automatically records management compliant – they contain structured data that potentially constitutes part of a Commonwealth record but this does not by default contain the contextual information to ensure reliability, authenticity and usability. Further, legal recordkeeping retention and disposal requirements (beyond keeping backups of data) are usually not adequately catered for.

Before being authorised to store and manage records, all DFAT business information systems must be assessed by Corporate Records Section in consultation with relevant stakeholders as capable of managing the following processes as a minimum, in accordance with ISO 16175 - the international standard endorsed by the NAA for that purpose:

  • be capable of collecting all information required for the activity – it should be fit for purpose
  • be capable of capturing content, structure and context of the record
  • provide adequate and compliant storage of records
  • provide protection of record integrity and authenticity
  • ensure the security of records
  • be readily accessible to all staff who need to use the records contained within the system, for as long as the record is needed
  • undertake the disposal of records in accordance with approved disposal authorities
  • ensure the recoverability of records in the event of a disaster
  • ensure the availability of records in a useable format through technology changes and migration.

DFAT business information systems that store records (including email, SharePoint instances and a range of core business systems), and are not currently approved as records management compliant, should ensure that appropriate system backup regimes are in place. This is to ensure the day-to-day accessibility, retrieval and integrity of records as a minimum is maintained until the system has been assessed for records management functionality by Corporate Records Section and authorised to capture and manage records.

10. Ownership of Records

All records, irrespective of format (i.e. physical or electronic), created or received by all DFAT staff, in the course of their duties on behalf of DFAT, are the property of the Department and subject to its overall control. The only exceptions include if local jurisdiction legislation or a contract or other legally binding agreement is in place that specifically states otherwise.

11. Access to DFAT Records

Under provisions of the Archives Act 1983, Freedom of Information 1982 and Privacy Act 1988, records created in DFAT can be released to the public on request, if they meet certain criteria. Failure to maintain or locate reliable records when requested, may lead to lost revenue or excessive retrieval costs, legal action or reputational damage for DFAT.

Reforms to the Archives Act 1983 have resulted in bringing forward the ‘open access’ period to most records from 30 years to 20 years, which began on 1 January 2011 and will be phased in over a ten year period.

Reforms to the Freedom of Information Act 1982 promotes a pro-disclosure culture across government ensuring the public’s right to access records held by government agencies. It has simplified and narrowed the range of exemptions from access.

The Privacy Act 1988 governs the collection, use and disclosure of information about individuals to ensure that the information collected directly relates to an agency's functions. Under the Privacy Act, members of the public have the right to access records about themselves that are less than 30 years old.

DFAT is regularly served with subpoenas or orders for the discovery of documents that require the production of selected documents/records by a specified date. Where a critical time line is not met in this context, the relevant business area(s) and associated business processes and information systems will be examined for potential improvements in meeting response times through digital recordkeeping initiatives.

In accordance with the Continuing Order of the Senate – Indexed list of departmental and agency files, every six months DFAT must publish on the departmental website an indexed list of titles for files created in the head office of the department.

12. Security of Records

Information Security includes measures such as the application of the Australian Government security classification system, procedures for the handling, storage and disposal of official information, and information communications and technology controls. This policy should be read in conjunction with the Australian Government Protective Security Manual, the Australian Government Information Security Manual and the DFAT Security Manual.

It is the responsibility of staff to be familiar with these manuals and the general principles of handling and managing sensitive information, including the ‘need-to-know’ principle, and to apply them where relevant to their business and recordkeeping in accordance with other individual recordkeeping responsibilities as set out in Section 16 of this policy.

EDRMS users should note the following when creating, storing, retrieving, editing and circulating information in the system:

  • Users must ensure that they apply the correct security classification to each document at the time of creation, and save this document in an appropriate file container in the EDRMS. In the EDRMS, the access controls on the file are used as the default access control for a document. Only authorised staff may change the access control on a file.
  • Users should avoid restricting access to named officers, and instead use positions, roles or groups wherever practicable.
  • It is the responsibility of individual users to ensure that security and access controls on documents remain appropriate and in line with the need-to-know principle, as documents are edited, emailed, shared, and to cater for potential changes over time.
  • Documents should be sent within DFAT as a reference link from the EDRMS rather than as an attached document wherever practicable, allowing the EDRMS security and access controls to manage whether the recipient has access.
  • Material with a security classification higher than Unclassified must only be created and saved to files on Satin High.
  • Particular care should be given to the access controls applied to documents where privacy issues are involved.

13. Disposal, Deletion or Destruction of Records

It is an offence to dispose of, delete or destroy any Commonwealth record without authorisation from the NAA. Under the Archives Act 1983 and the Crimes Act 1914, DFAT records cannot be disposed of other than in accordance with the approved NAA disposal authorities. The disposal authorities relevant to DFAT are the Administrative Functions Disposal Authority (AFDA) and the Departmental Agency Functions Disposal Authority (DAFDA). The Assistant Secretary, ICT Services Branch (ISB) and delegated Corporate Records Section staff, are authorised by NAA to carry out disposal, deletion or destruction of records for DFAT.

Records created and received as part of DFAT’s business that are of ephemeral value and are not covered under a Records Authority can be considered for destruction using NAA’s Normal Administrative Practice (NAP) provisions. These records can be disposed of by the creator, using the appropriate method, without seeking formal authorisation. Specific guidance on application of the NAP can be found in the Records Management Manual and on the DFAT Intranet Records Management pages.

14. Legislation & Standards

Certain federal government legislation provides direction on the management of federal government records; this legislation (incorporating amendments) includes but is not limited to:

  • Archives Act 1983
  • Australian Information Commissioner Act 2010
  • Crimes Act 1914
  • Electronic Transactions Act 1999
  • Evidence Act 1995
  • Financial Framework (Supplementary Powers) Act 1997
  • Financial Framework Legislation Amendment Act 2010
  • Freedom of Information Act 1982
  • Privacy Act 1988
  • Public Governance, Performance and Accountability Act 2013
  • Public Service Act 1999.

DFAT is also committed to ensuring that its recordkeeping and business systems comply with existing established standards and major reports into recordkeeping in the Commonwealth such as:

  • Australian Standard for Records Management - AS ISO 15489 – 2009
  • Australian Standard for Managing Records in an Electronic Environment – ISO 16175
  • Australian Government Recordkeeping Metadata Standard
  • Australian Government’s Digital Transition Policy
  • Australian Government’s Digital Continuity Policy (including the Digital Continuity Plan)
  • Policies and Guidelines published and endorsed by NAA for Commonwealth agencies
  • Protective Security Policy Framework

Additionally, DFAT is responsible for administering a range of legislation that may include specific recordkeeping requirements. A list of this legislation can be found at Appendix C.

15. Monitoring and Review

This Policy requires recordkeeping practices and processes to be a significant feature of all business processes and systems. It is the responsibility of all staff, regardless of level, to contribute to sound recordkeeping practices. In order to ensure that the policy is effective, DFAT will monitor recordkeeping practices in a variety of ways to ensure the compliance of all departmental activities.

Corporate Records Section is the line area directly responsible for monitoring compliance with the departmental recordkeeping framework and high-level assessment of the department’s compliance with NAA benchmarks. This includes:

  • monitoring the capture and creation of records into the official recordkeeping system –EDRMS, in particular identifying areas that may not be fully or correctly creating and/or capturing records into the recordkeeping system
  • utilising NAA’s “Check-Up Digital” tool to identify areas of non-compliance and areas that need improvement to enhance capability to manage digital records and related information; results will be used as a benchmark for future compliance and strategic planning activities
  • monitoring business system compliance with ISO 16175
  • annually facilitating an external records management audit as directed by the DFAT Audit and Risk Committee

Posts undertake periodic reporting using the Self Assessment Manual (SAM). Reporting requirements and timeframes are dependent on the experience of the completing officer at post. Part of the SAM undertakes a self-assessment of compliance based on DFAT’s records management policies, and results are reviewed by Corporate Records Section.

In addition to each officer’s individual recordkeeping responsibilities, managers must ensure that their team is aware of their recordkeeping responsibilities as part of their daily functions. Managers should require all staff, including LES and contractors, to include an aspect of recordkeeping in their performance agreements, and should lead by example regarding recordkeeping practices and the creation, capture and management of records into the EDRMS or an authorised business information system.

16. Roles and Responsibilities

This section defines the duties and responsibilities of all DFAT staff with respect to recordkeeping.

16.1. Secretary

The Secretary is responsible for:

  • authorising and promulgating this policy
  • promoting compliance with this policy
  • supporting and fostering a culture of good recordkeeping in the department
  • nominating the Executive in charge of recordkeeping.

16.2. SES and non-SES managers, HOMs, HOPs and Regional Directors

SES and non-SES managers, HOMs, HOPs and Regional Directors are responsible for:

  • supporting and fostering a culture of good recordkeeping in DFAT
  • ensuring that officers under their management are aware of their responsibility to maintain accurate records of business
  • providing guidance to staff on managing security and access controls when dealing with security classified, staffing or sensitive records
  • ensuring staff are provided adequate time to undertake recordkeeping responsibilities
  • including the requirement to meet recordkeeping responsibilities in staff (including LES) performance agreements
  • implementing measures to monitor recordkeeping responsibility compliance and to address inadequacies in recordkeeping practices.

16.3. CIO, Information Management and Technology Division (IMD)

The Chief Information Officer is responsible for:

  • ensuring that recordkeeping policy and practices adopted by the department comply with DFAT’s obligations and responsibilities as a Commonwealth Government agency
  • ensuring that the technology used to support the systems that capture and keep records electronically are reliable, available and accessible to DFAT staff as required
  • implementing standards for business information systems that comply with NAA’s Standards and Guidelines for electronic recordkeeping, where warranted
  • incorporating electronic recordkeeping requirements (as outlined in Section 9) into business system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
  • providing assurance that back-up and recovery strategies adequately meet electronic recordkeeping storage requirements
  • the development and implementation, over time, of a comprehensive information management framework which incorporates records management.

16.4. Assistant Secretary, ICT Services Branch (ISB)

The Assistant Secretary ISB is responsible for:

  • ensuring this policy is reviewed and is up to date
  • ensuring that all DFAT staff are regularly reminded of their recordkeeping responsibilities
  • in consultation with CIO, authorising each business system managing records
  • ensuring DFAT adheres to appropriate record retention and disposal requirements
  • ensuring that the EDRMS is available, reliable and accessible to staff when required
  • supporting the implementation of EDRMS upgrades and enhancements, in compliance with DFAT’s ICT Change and Release Management processes
  • ensuring business systems comply with this policy and NAA’s electronic recordkeeping guidelines and requirements, including NAA-endorsed standards.

16.5. Corporate Records Section (COR)

COR is responsible for:

  • developing and implementing strategies to support this policy
  • supporting and fostering a culture of good recordkeeping in DFAT
  • creating and maintaining recordkeeping procedures with which compliance will be mandatory under this policy
  • delivering recordkeeping and EDRMS training, support and advice to all staff
  • maintaining, monitoring and reviewing the departmental recordkeeping system
  • providing support to EDRMS users through effective service desk support arrangements
  • promoting the effective use of the EDRMS
  • liaising with IT Support Staff to ensure the EDRMS is available, reliable and accessible to staff when required
  • liaising with IT Support Staff for the implementation of EDRMS upgrades and enhancements
  • ensuring that, as far as is practicable, records are kept and accessible for as long as required by DFAT staff, government and the public
  • measuring and monitoring compliance of business information systems that store records against ISO 16175 in coordination with IT and business area stakeholders
  • authorising business information systems to store records and/or associated metadata
  • managing the archiving and disposal of records over time
  • authorising, under delegation, the disposal/destruction of records.

16.6. Business System Owners

All owners of business information and transactional systems that store records and/or associated metadata must:

  • fully understand the recordkeeping obligations and responsibilities relating to their system(s) and associated business processes that they interact with or manage
  • adhere to DFAT’s policy, procedures and standards in creating and managing records in their system(s), including ensuring that their system(s) are scheduled for assessment of records management functionality compliance against ISO 16175: Part 3, and authorised as a system to create and manage records by COR
  • ensure that in the interim until their system(s) have been authorised by COR to create and manage records, appropriate system backup regimes are in place to guarantee the day-to-day accessibility, retrieval and integrity of records stored in their system; or records from the system stored in the EDRMS
  • in coordination with the CIO, incorporate electronic recordkeeping requirements (as outlined in Section 9) into system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
  • ensure that their system(s) do not facilitate deletion/destruction or disposal of records without the correct authorisation as set out in Section 13 of this policy, except through the appropriate application of NAP, also set out in Section 13 of this policy.

16.7. All DFAT Staff

All DFAT staff must:

  • understand the recordkeeping obligations and responsibilities relating to their position
  • adhere to DFAT’s policy, procedures and standards in maintaining records as required by their daily tasks
  • attend mandatory recordkeeping and EDRMS training
  • create and capture records in the EDRMS or authorised recordkeeping system
  • be familiar with the provisions for handling and managing sensitive and security classified information, including the ‘need-to-know’ principle, and to apply them where relevant to their business and recordkeeping practices
  • ensure that they do not destroy records without the correct authorisation, except through the appropriate application of NAP (refer to Section 13 of this policy)
  • include meeting recordkeeping responsibilities in performance agreements
  • be accountable for their actions and decision-making to the general public, Commonwealth Government and to DFAT’s Stakeholders.

17. Appendix

17.1. Appendix A: Glossary of Terms

Significant terms used in the Records Management Policy are defined or explained below.

Term

Definition ​​

Accountability

Based on the principle that individuals, organisations and the community are required to be accountable to others for their actions. Organisations and their employees must be able to account to appropriate regulatory authorities, shareholders or members, and to the public. This is required to meet statutory obligations, audit requirements, relevant standards, codes of practice, and community expectations.

Action Officer

Staff who conduct business on behalf of DFAT and record that business activity.

Activity

(Business Activity)

An umbrella term covering all the functions, processes, activities and transactions of an organisation and its employees.

All staff

This includes the following DFAT staff:

  • all DFAT staff, including non-ongoing staff
  • all LES, funded by DFAT appropriations
  • all contractors, and
  • all consultants and service providers engaged by DFAT.

Authorised Recordkeeping System

A system that stores DFAT’s Corporate records and associated information, and has been assessed by COR as complying with ISO 15489 and ISO 16175.

Refer to Section 9 of this policy for further detail.

Business Classification Scheme

A conceptual representation of the functions and activities performed by an organisation. The scheme is derived from the analysis of business activity.

Classification

Systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules represented in a classification system.

Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.6.

See also: Business Classification Scheme and Security Classification System.

COR

Corporate Records Section.

Commonwealth Record

Any official record of the activities of a Commonwealth Government department or agency.

See also: Corporate Record and Complete and Accurate Record(s).

Refer to Section 6 of this policy for further detail.

Complete and Accurate Record(s)

A complete and accurate record has characteristics that differentiate a record from other types of information and provide for a record to be admissible as evidence. These characteristics include that a record is:

  • compliant with the recordkeeping requirements arising from the regulatory and accountability environment in which the organisation operates
  • adequate for the purposes for which it is kept
  • complete – containing not only the content, but also the structural and contextual information necessary to document a transaction
  • meaningful – containing information and/or linkages that ensure the business context in which the record was created and used is apparent
  • comprehensive – documenting the complete range of the organisation's business for which evidence is required
  • accurate – to reflect the transactions that it documents
  • authentic – enabling proof that it is what it purports to be and that its purported creators did indeed create it
  • inviolate – securely maintained to prevent unauthorised access, alteration or removal.

Adapted from: Standards Australia, AS 4390, 1996, Part 3, Clause 5.3.

Conversion

Process of changing records from one medium to another or from one format to another.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.7.

Corporate Record

Information created, received, and maintained as information and evidence of the functions and activities performed by an organisation or person, in pursuance of legal obligations or in the transaction of business.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.15.

See also: Complete and Accurate Record(s).

Refer to Section 6 of this policy for further detail.

DCP

Digital Continuity Policy – whole-of-Government policy in support of ensuring that records and information are complete, available and useable by those who need it, for as long as required, but not kept for longer than needed.

Destruction

Process of eliminating or deleting records, beyond any possible reconstruction.

Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.8.

Digital continuity

Ensuring that records and information are complete, available and useable by those who need it, for as long as required across technological, migration and governance changes, but not kept for longer than needed.

Digital record

A record that is communicated and maintained in a digital format. Same as an electronic record.

Digital transition

The transition from paper and other physical formats to digital formats.

Disposal

See Disposition.

Disposition

Range of processes associated with implementing records retention, destruction or transfer decisions which are documented in disposition authorities or other instruments.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.9.

Refer to Section 13 of this policy for further detail.

Document

Recorded information or an object that can be treated as a unit. A document becomes a record when it is registered into an authorised recordkeeping system with relevant associated metadata.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.10.

DTP

Digital Transition Policy – whole-of-Government policy in support of transitioning away from a predominantly paper-based records management environment to digital recordkeeping.

EDRMS

Electronic Document & Records Management System

Electronic Document

A document that is communicated and maintained in an electronic format.

Electronic Record

A record that is communicated and maintained in an electronic format. Same as a digital record.

File Number

A number attached to each file that serves as a unique identifier.

Function

The largest unit of business activity in an organisation or jurisdiction.

Instant Messaging (IM)

The act of communicating in near real-time via a computer network (e.g. a local area network, a wide area network or the Internet). IM differs from email in several regards relevant to recordkeeping, including:

  • Communication is delivered directly to the recipient rather than via the delayed mechanisms (server-to-server routing) used by email protocols,
  • IM packages allow users to “chat”, where each line of text is displayed as soon as it is typed, rather than needing to wait for a complete message to be delivered. Thus, email is like an electronic letter, while IM is more like an electronic telephone call.

In DFAT, IM is not currently configured to directly capture records or metadata for recordkeeping purposes. Capturing records from IM communications is therefore a manual process involving making a Note for File. As such, IM is not recommended to conduct business communications that potentially require a record to be kept.

Metadata

Structured data or other information that describes context, content and structure of records and their management through time. It allows users to find, manage, control, understand or preserve the information it relates to.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.12.

Migration

Act of removing records from one system to another, while maintaining the records’ authenticity, integrity, reliability and useability.

Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.13.

Multimedia Message Service (MMS)

An extension of Short Message Service (SMS), by which users can transfer not only text but other kinds of material (images, video, audio) to mobile telephones.

NAA

National Archives of Australia

Naming Conventions

Standards relating to the structure of the ‘free text’ part when naming files (including punctuation, capitalisation, use of acronyms and abbreviations), and applied within the context of records management.

NAP

See Normal Administrative Practice

Normal Administrative Practice (NAP)

Normal Administrative Practice (NAP) is a provision under the Archives Act 1983 that permits the destruction of records that are not covered by a Records Authority. In general, this applies to records that are deemed to be:

  • Facilitative, transitory or short-term records,
  • Rough working papers and/or calculations,
  • Drafts not intended for further use or reference,
  • Copies of material retained for reference purposes only, or
  • Published material not forming an integral part of DFAT’s records.

Refer to Section 13 of this policy for further detail.

Preservation

Processes and operations involved in ensuring the technical and intellectual survival of authentic, complete and accurate records through time.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.14.

Record

See Corporate Record and Complete and Accurate Record(s).

Refer to Section 6 of this policy for further detail.

Recordkeeping

The making and maintaining of complete, accurate and reliable evidence of business transactions in the form of recorded information into the EDRMS or an authorised business system. This ‘recorded information’ includes the record itself and relevant associated metadata.

Recordkeeping includes:

  • The application of appropriate security and access controls to records on creation, and amending these controls as necessary during the lifetime of the record, to secure them from unauthorised access; and
  • ensuring that records are only destroyed with the correct authorisation, or through appropriate application of Normal Administrative Practice.

Adapted from: Standards Australia, AS 4390, Part 1, Clause 4.19; and Part 3, Foreword.

See also: Complete and Accurate Record(s), Metadata, Authorised Recordkeeping System, Normal Administrative Practice

Refer to the following sections of this policy for further detail as noted:

  • Section 6 provides detail regarding the definition of a record
  • Section 12 provides detail on record security and access controls
  • Section 13 provides detail regarding records disposal, destruction and application of Normal Administrative Practice.

Records management

The discipline and organisational function of efficiently and systematically controlling the creation, receipt, maintenance, use and disposition of records. This includes processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records, to meet operational business needs, accountability requirements and community expectations.

Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.16.

Records Manager

The person responsible for managing official Commonwealth records in DFAT using the recordkeeping System. Responsibilities include all processes from creation to disposal of official records and ensuring compliance with legal and administrative requirements.

Registration

Act of giving a record a unique identifier on its entry into a system.

Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.18.

Scanning

The process of capturing an electronic image of a document for storage in an electronic document system.

Security Classification System

A set of procedures for identifying and protecting official information whose disclosure could have adverse consequences for the Commonwealth. The security classification system is implemented by assigning markings (such as 'Top Secret' or 'Protected') that show the value of the information and indicate the minimum level of protection it must be afforded.

Adapted from: Attorney-General’s Department, Commonwealth Protective Security Manual, Glossary.

Short Message Service (SMS)

A function available on most mobile telephones, which enables users to send brief typed text messages to other mobile telephones, and in some cases, other handheld computing devices such as personal organisers.

Social Media

An umbrella term for Internet-based tools for sharing and discussing information among people. It refers to user-generated information, opinion and other content shared and discussed over open digital networks. Social media may include (although is not limited to):

  • Social networking sites (e.g. Facebook, LinkedIn)
  • Instant messaging (e.g. Lync), podcasting and video on demand (VOD
  • Video and photo sharing websites (e.g. YouTube, Flickr)
  • Blogs and micro-blogs (e.g. Twitter) and Wikis (e.g. Wikipedia)

Refer to Section 6 of this policy for further detail.

Storage

The function of storing records for future retrieval and use.

Thesaurus

A (keyword) thesaurus provides control and consistency over the vocabulary used for titling and indexing of records.

Transfer

Change of location, custody, ownership and/or responsibility for records.

Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.20.

TRIM

TRIM is the EDRMS records management software.

Transaction

The smallest unit of business activity. Uses of records are themselves transactions.

Video instant messaging

An extension of instant messaging which enables users to videoconference using an instant messaging program.

See also: Instant Messaging

Voicemail

A centralised method of managing telephone recorded messages for a group of telephones. In its most basic form, voicemail is simply a large-scale answering machine, but most modern systems have added functionality, allowing users to check messages remotely, forward messages to other voicemail boxes or mobile telephones, and personalise greetings for different callers.


17.2. Appendix B: Summary of Recordkeeping Legislation

Acts and Standards

Description

Archives Act 1983

The Archives Act 1983 officially established the National Archives of Australia. The Act empowers the Archives to preserve the archival resources of the Commonwealth (those records designated ‘national archives’) and defines their role in supporting and governing the creation and management of these records. The Act establishes the framework in which agencies must create, capture and manage their records including:

  • Imposing statutory obligations on all Government departments and agencies for the management of their records
  • Making it illegal to destroy or alter Commonwealth records without the permission of the Archives, unless otherwise stated by law
  • Creating a fundamental right of public access, bringing forward the ‘open access’ period to most records from 30 years to 20 years, which began on 1 January 2011 and will be phased in over a ten year period other than Cabinet notebooks and census information which have been reduced from 50 years to 30 years
  • Governing the retention and disposal of records.

Australian Information Commissioner Act 2010

The Australian Information Commissioner Act 2010 established the Office of the Australian Information Commissioner (OAIC). The OAIC has three sets of functions:

  • freedom of information
  • privacy
  • government and information policy

The OAIC aims to facilitate public access to government information and encourages agencies to proactively publish information.

Electronic Transaction Act 1999

The Electronic Transactions Act 1999 provides a regulatory framework that enables business and the community to use electronic communications in their dealings with government. The primary objective of the Act is to remove impediments that might prevent a person from using electronic communication to satisfy obligations under Commonwealth law.

Broadly, the Act provides that electronic communications and electronic forms of documents may be used to satisfy requirements or permissions, under Commonwealth laws, for a person to:

  • give information in writing
  • provide a handwritten signature
  • produce a document that is in the form of paper or other material
  • record information in writing
  • retain a document that is in the form of paper or other material
  • retain information that was the subject of an electronic communication

The Act provides for exemptions and it identifies conditions that must be met in order to maintain the integrity and accessibility of information.

Evidence Act 1995

The Evidence Act 1995 recognises the role of modern technologies in business and government. It abolishes the ‘original document’ rule and ensures that faxes, telexes and electronic communications may be admitted into evidence in all federal courts.

The Act defines a ‘document’ :

‘anything on which there is writing, anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them or anything from which sounds, images or writings can be reproduced with or without the aid of anything else.’

If the document in question is an ‘article or thing on or in which information is stored in such a way that it cannot be used by the court unless a device is used to retrieve, produce or collate it’, it is permissible to tender ‘a document that was or purports to have been produced by use of the device’.

To be admissible the record must be:

  • authentic - it must be clear that the record or document has not been altered or modified without authority;
  • complete and accurate; and
  • logically sequenced and arranged.

Freedom of Information Act 1982

The Freedom of Information Act 1982 provides that a person has a legally enforceable right to obtain access to a document of an agency or an official document of a Minister unless that document falls within one of the exemptions set out in the Act. Generally, exempt documents are those which must be kept confidential to protect essential public interests, personal or business information.

Under changes to the FOI Act 1982, agencies are required to publish agency plans as well as other specific categories of information.

ISO 15489

Records Management

The International Standard For Records Management - ISO 15489 provides strategies and operational guidelines for the implementation of records management practices and procedures in any organisation. The Standards are designed to help organisations create, capture and manage complete and accurate records to meet their business needs and legal requirements as well as to satisfy other stakeholder expectations. They apply to records in any format or media, created or received by any public or private organisation during the course of its activities.

The Standard has been used as guidance in preparation of these instructions.

ISO 16175

Principles and Functional Requirements for Records in Electronic Office Environments

ISO 16175 provides internationally agreed principles and functional requirements for software used to create digital information in office environments.

NAA has endorsed the use of ISO 16175 for use by Australian Government agencies to assess the records management functionality of a business information or transactional system.

Privacy Act 1988

The Privacy Act 1988 makes provision to protect the privacy of individuals and prevent the misuse of personal information about members of the public. It governs the collection, use and disclosure of information about individuals by Australian Government agencies to ensure that it is only used for purposes that relate directly to the functions or role of the agency. It specifies that the information agencies keep must be secure, accurate, relevant, complete, and not misleading. The Act also gives people a right to see records about themselves.

Records over 30 years old are exempt from the Privacy Act. Access to these records is controlled through the Archives Act 1983.

Public Governance, Performance and Accountability Act 2013

The Public Governance, Performance and Accountability Act 2013 includes specific provisions for Commonwealth entity records relating to governance and reporting, performance and accountability.


17.3. Appendix C: Legislation Administered by DFAT

Anti-Personnel Mines Convention Act 1998

Australian Centre for International Agricultural Research Act 1982

Australian Civilian Corps Act 2011

Australian Passports Act 2005

Australian Passports (Application of Fees) Act 2005

Australian Passports (Transitionals and Consequentials) Act 2005

Australian Trade Commission Act 1985

Australian Trade Commission (Transitional Provisions and Consequential Amendments) Act 1985

Autonomous Sanctions Act 2011

Charter of the United Nations Act 1945

Chemical Weapons (Prohibition) Act 1994

Comprehensive Nuclear Test-Ban Treaty Act 1998

Consular Fees Act 1955

Consular Privileges and Immunities Act 1972

Diplomatic and Consular Missions Act 1978

Diplomatic Privileges and Immunities Act 1967

Export Finance and Insurance Corporation Act 1991

Export Finance and Insurance Corporation (Transitional Provisions and Consequential Amendments) Act 1991

Export Market Development Grants Act 1997

Export Market Development Grants (Repeal and Consequential Provisions) Act 1997

Foreign Passports (Law Enforcement and Security) Act 2005

Intelligence Services Act 2001, except to the extent administered by the Prime Minister, the Attorney-General and the Minister for Defence

International Development Association Act 1960

International Fund for Agricultural Development Act 1977

International Organisations (Privileges and Immunities) Act 1963

Nauru Independence Act 1967

Nuclear Non-Proliferation (Safeguards) Act 1987

Nuclear Safeguards (Producers of Uranium Ore Concentrates) Charge Act 1993

Overseas Missions (Privileges and Immunities) Act 1995

Papua New Guinea Independence Act 1975

Papua New Guinea (Staffing Assistance) Act 1973, except to the extent administered by the Minister for Finance

Registration of Deaths Abroad Act 1984

Security Treaty (Australia, New Zealand and the United States of America) Act 1952

South Pacific Nuclear Free Zone Treaty Act 1986

Tourism Australia Act 2004

Tourism Australia (Repeal and Transitional Provisions) Act 2004

Trade Representatives Act 1933

United Nations Educational, Scientific and Cultural Organization Act 1947

United States Naval Communications Station Agreement Acts

US Free Trade Agreement Implementation Act 2004

Source: http://www.naa.gov.au/Images/AAO_23_December_2014_tcm16-83959.rtf

17.4. Appendix D: Potential Benefits of Digital Recordkeeping

Digital records management provides a number of efficiency and other benefits including improved corporate governance, improved business processes and reduced costs:

  • Improved access to and retrieval of relevant records and information - facilitates better-informed decision-making; better service delivery; fewer information silos; enhanced information sharing across the agency and between agencies; and potential for re-use of information by government and the Australian community.
  • Improved corporate governance - lower compliance costs and enhanced ability to provide accurate, timely and transparent responses to legislative and regulatory requirements. Australian Government agencies need to meet a range of legislative, regulatory and governance requirements. Managing records digitally strengthens corporate governance by helping agencies meet legal obligations and regulatory and governance requirements in an efficient and cost-effective way.
  • Legislative obligations - well-managed digital records support transparent, accurate and timely responses to applications under information access legislation or under subpoena. Under freedom of information reforms charges must be waived if a statutory time frame is not met, so quickly locating the right records can avoid a cost penalty. It is easier to publish digital information on websites, in keeping with Information Publication Scheme requirements, in formats that allow use and re-use.
  • Transparency and accountability - authoritative records provide evidence of, justify or explain actions or decisions. They substantiate responses to audit, official inquiry or other types of investigation. Records protect the democratic rights and entitlements of individuals and provide evidence of interactions between Australia's people and elected governments. Good digital management means records are trustworthy, authoritative and able to withstand scrutiny. Digital management provides accountability benefits that are difficult to duplicate in paper systems. Comprehensive and accurate audit trails not only help an understanding of communications, decisions and actions that have been carried out but also show when a record was created, accessed or amended and by whom.
  • Risk management - a well-managed digital information and records management program is a business and reputational risk mitigation strategy. The ability to demonstrate what and why decisions and actions were taken and how they were carried out reduces the risk of non-compliance due to incomplete or inaccurate records. Reduced reputational risks that can result when information cannot be found or is compromised through unauthorised access.
  • Business continuity - Digital records management will better support disaster recovery and business continuity. Managing information digitally allows off-site back-up of records which a paper-based system cannot easily offer. It also safeguards vital corporate information from loss, misuse, tampering and physical damage.
  • Records management cost savings - from less creation, storage, retrieval and handling of paper records.

Last Updated: 21 July 2014