Publications
Foreword
As a Commonwealth agency, DFAT has an obligation to
maintain good records of its business activities for legal and efficiency
purposes. Our records are vital assets that support our operations, enabling us
to access the information we require and to preserve our corporate memory. They
enable us to operate efficiently and to meet our accountability and compliance
requirements. Sound recordkeeping practices are essential for DFAT to be a
well-managed organisation. To these ends, the DFAT Records Management Strategic
Plan 2015-2019 provides the vision for the department's records management
program.
This policy supports the Strategic Plan and articulates
the policy framework which will be adopted within DFAT for managing
requirements for adequate recordkeeping of business activities and
decision-making. Individual recordkeeping responsibilities applying to all
staff and contractors are stipulated and mandatory. This policy supersedes all
previous recordkeeping and records management policies.
This policy establishes a framework for the creation,
capture, management and use of complete and accurate records in all formats,
however in accordance with the whole-of-Government Digital Transition Policy
the policy supports the transition from paper to digital recordkeeping. The
policy also endorses the principles of digital continuity for electronic
records to ensure that records are complete, available and useable for as long
as needed by all potential users, including for purposes beyond the intended
original use.
The potential benefits of digital recordkeeping are
broad-ranging, from individual to departmental level. At the individual level,
recordkeeping tasks including filing can potentially be automated and made
transparent to staff conducting their core business. Reduced time thinking how
and where to file or find a document, along with version control, ready access,
reusability and other benefits of working digitally, provides more time to
focus on core work. Where feasible, automated records capture also ensures that
they are created and managed appropriately. Potential benefits of digital
recordkeeping are outlined in detail at Appendix D of the policy.
A Records Management Manual supports this policy and
provides a single reference source for detailed instructions, procedures and
guidance on the management of specific types of records and use of the EDRMS.
The manual is located on the DFAT intranet so that it is accessible by all
staff and will be regularly updated.
Compliance with this policy is mandatory for all staff
including contractors. All officers working for the department have a
responsibility to follow this policy and to maintain sound recordkeeping
practices in their daily work.
Peter
Varghese
Secretary
Department
of Foreign Affairs and Trade
Table of Contents
- 1. Purpose
- 2. Policy Statement
- 3. Authority
- 4. Review Date
- 5. Scope
- 6. Definition of a Record
- 7. Digital Transition Policy
- 8. Digital Continuity Policy
- 9. Authorised Recordkeeping Systems
- 10. Ownership of Records
- 11. Access to DFAT Records
- 12. Security of Records
- 13. Disposal, Deletion or Destruction of Records
- 14. Legislation & Standards
- 15. Monitoring and Review
- 16. Roles and Responsibilities
- 16.1. Secretary
- 16.2. SES and non-SES managers, HOMs, HOPs and Regional Directors
- 16.3. CIO, Information Management and Technology Division (IMD)
- 16.4. Assistant Secretary, ICT Services Branch (ISB)
- 16.5. Corporate Records Section (COR)
- 16.6. Business System Owners
- 16.7. All DFAT Staff
- 17. Appendix
1.
Purpose
The purpose of this Records Management Policy is to
provide direction to staff for the creation, maintenance, storage and disposal
of records and associated metadata within the Department of Foreign Affairs and
Trade (DFAT).
This policy, together with the Strategic Plan for DFAT
Records Management 2015-2019, and the Records Management Manual, will ensure
that complete and accurate records of DFAT's business activities are available
and accessible for as long as required for operational, accountability and
compliance purposes. The detailed Records Management Manual supporting this
policy is intended to ensure that DFAT undertakes best practice records management
processes during the policy's period of application, specifically as the department
continues the transition from paper-based processes and recordkeeping to a
predominantly electronic recordkeeping environment.
This policy replaces the DFAT Recordkeeping Policy dated 9
August 2012.
2.
Policy Statement
DFAT's
records are its corporate memory and a vital asset for ongoing accountability.
Good recordkeeping is critical to corporate governance and operational
efficiency, provides essential evidence of business activities and
transactions, and demonstrates accountability and transparency in DFAT's
decision-making processes.
DFAT
is committed to implementing and maintaining best practice recordkeeping
policy, practice and procedure.
DFAT recognises its legislative and regulatory
requirements as a Commonwealth agency under the Archives Act 1983. It
is committed to meeting the principles and practices set out in the following
whole-of-Government policies and standards endorsed by the National Archives of
Australia (NAA):
- the whole-of-Government Digital Transition Policy (DTP)
- the whole-of-Government Digital Continuity Policy (DCP)
- the International and Australian Standard for Records Management (ISO 15489)
- the Australian Government Recordkeeping Metadata Standard (AGRkMS)
- the Principles and Functional Requirements for Records in
Electronic Environments (ISO 16175).
All staff within DFAT, including
locally engaged staff (LES) and contractors, are responsible for recordkeeping.
All staff must, therefore, be aware of their obligations under this policy and
take reasonable action to ensure ongoing compliance. Non-compliance with the
recordkeeping policy may result in action, ranging from counselling to formal
disciplinary proceedings.
Records
created in DFAT must be complete and accurate, as defined in ISO 15489. They
must:
- enable current and future DFAT staff to take appropriate action, and make well-founded decisions based on the records in their day to day operations
- enable an authorised person to examine the conduct of DFAT business
- protect the financial, legal and other rights of DFAT
- protect people affected by DFAT's actions and decisions.
3.
Authority
This policy has been approved by the Secretary, DFAT and
is the authority for recordkeeping and records management within DFAT. It shall
remain valid until such time as amended, revoked or otherwise superseded by the
direct authority of the Secretary.
4.
Review Date
This policy is due for review in 2017 in line with the mid-point
of the Strategic Plan for DFAT Records Management 2015 – 2019.
5.
Scope
This policy applies to all records and associated metadata
from the time of creation or capture and covers:
- all DFAT staff, regardless of employment type
- all aspects of DFAT's business operations
- all types and formats of records created to support business activities
- all business applications used to create records
- organisations and businesses,
including their employees, to which DFAT has outsourced its functions or
activities, and therefore associated recordkeeping responsibilities.
This policy does not relate to records created by any
other agencies, except where they form part of a DFAT business transaction.
6.
Definition of a Record
Records are evidence of
business conducted by an organisation. Any
reference to a record in this policy refers to records in any format as defined
in the Archives Act 1983. The Glossary of Terms at Appendix A includes Complete
and Accurate Record(s), which highlights characteristics that differentiate a
record from other types of information and provide for a record to be
admissible as evidence.
DFAT
staff are responsible for keeping a record of business transactions conducted
as part of their duties for the department. Examples of business transactions
include documenting actions, events, conversations or other transactions where
they provide evidence of formal advice or directions, or significant decisions.
Records can be in any format. This includes but is not limited to:
- Hard copy or electronic documents – e.g. Word, Excel, Power Point
- Paper or electronic files – e.g. EDRMS containers
- Electronic messaging – e.g. Email, voicemail, instant messaging (including Lync), SMS (short message service), multimedia message service (MMS)
- Social media – e.g. Twitter, Facebook, LinkedIn, blogs, wikis, discussion boards/forums
- Web content – e.g. public websites, intranet
- Photographs – e.g. official photographs documenting business activities, Flickr
- Videos – e.g. YouTube, Vimeo, video conferencing, teleconferencing, video instant messaging and podcasts
- Data in business systems – e.g. PeopleSoft, SAP, AidWorks, PICS (Passport Issue and Control System), CIS (Consular Information System, and CMIS legacy records)
- Models, plans and architectural
drawings
SharePoint and social media are
relatively new forms of collaboration and communication for the department. Staff
who use these tools for their work should be aware that content published in
this media may constitute a record as defined in this policy. Advice documents issued by the Corporate Records Section
regarding the capture of records and associated metadata, from communications
conducted via social media platforms, are provided on the intranet and are to
be followed.
For
a record in digital format to be meaningful and to serve as admissible evidence
of a business transaction, associated metadata needs to be captured or created
with the record to provide adequate context and to support its authenticity and
management over time. Along with other provisions, as set out in the relevant
areas of this policy, minimum metadata standards set by the NAA in the Australian
Government Recordkeeping Metadata Standard are to be met. This will help to
ensure that DFAT's business, accountability and archival requirements are met
in a systematic and consistent way, and that digital records are described, reliable,
meaningful, admissible as evidence, accessible, sharable and re-usable for as
long as they need to be retained.
7.
Digital Transition Policy
In line with the Government's DTP, DFAT is transitioning
away from a predominantly paper-based records management system to digital
recordkeeping, primarily for efficiency purposes. This means the majority of
DFAT's records will be created, stored and managed digitally, and where feasible
paper records will be scanned to reduce the number of paper files.
Where paper files that are overdue for disposal exist,
sentencing and disposal will be conducted as resources permit using records authorities
issued by the NAA to reduce paper-based holdings.
Hybrid files (containing paper and digital records) will
be phased out through the archiving process during the current Records
Management Strategic Plan period (2015-2019). To ensure business, accountability
and archival requirements are adequately catered for, a review of active hybrid
files and remediation action will be conducted by Corporate Records Section in
coordination with relevant stakeholders (eg. business area, system and process
owners) as required. In light of the DTP, no hybrid files are to be created in
DFAT from the date of the publication of this policy.
New or reviewed business systems and processes must be
designed to support digital recordkeeping, including automated/transparent
records capture, as far as practicably possible.
Advice documents issued
by the Corporate Records Section regarding the creation of authentic, complete
and accessible image copies of records, and the compliant management of the
original document after scanning, is to be followed. This advice includes:
- coverage of technical and legislative requirements to preserve official records of enduring evidential or informational value for future reference
- an outline of the existing legal framework in the Australian Federal Government jurisdiction that supports tendering digital images of records for legal proceedings or for other evidentiary purposes
- how to manage and dispose of source records after they have been scanned
- exclusions regarding records that have
been designated to be always retained in original format, and/or source records
that cannot be destroyed after scanning.
Exceptions to the creation of, conversion to and
management of records (files and documents) in digital format (including hybrid
files) require a business case to do so and/or authorisation from the Director,
Corporate Records Section (COR).
8.
Digital Continuity Policy
In line with the Government's DCP, developed to build on
the foundations of the DTP, DFAT is embracing an approach to keeping and
managing digital records and associated metadata to ensure that they are
complete, available and can be used for as long as needed, including beyond
their original business use.
The
DCP requires that:
- records and information created are complete, accurate, up-to-date, discoverable and usable by those with legitimate need, interoperable across the Commonwealth, and available and usable for as long as needed and not kept any longer than required
- business transactions and decisions are recorded digitally, using digital authorisations and workflows by default wherever possible
- business systems creating, capturing and/or managing records protect information from unauthorised alteration, deletion or misuse, and comply with ISO 16175
- minimum metadata standards set by the NAA are met to ensure that digital content is described, sharable, admissible as evidence and re-usable
- standard professional information and records management specialist qualifications, skills and capabilities set by the NAA are met
- DFAT reports annually to the NAA on
progress in digital information management capabilities and maturity.
9.
Authorised Recordkeeping Systems
The EDRMS is the primary recordkeeping system for DFAT for
the management of both physical and electronic records (documents and
files/containers) along with the required associated metadata.
DFAT records (irrespective of format) stored in shared
drives, personal drives, email folders, SharePoint sites, the Cloud, local
applications, cabinets, workstations and on backup disks or drives are not
compliant with DFAT's recordkeeping obligations.
These drives and locations do not capture sufficient
metadata to meet the legal recordkeeping retention and disposal requirements,
and/or do not allow records to be widely searchable or accessible to all who
need them, are not authenticated and are not secure from alteration or
deletion.
This business information remains non-compliant until it
is registered as a record in the EDRMS or an authorised business system (assessed
for records management functionality against ISO 16175 and approved by the
Director, Corporate Records Section), as required.
Shared network drives are not authorised for the storage
and management of records. Records are not to be stored on shared network
drives without approval from the Director, Corporate Records Section, based on
a business case that justifies doing so.
A Business Information System is an information reporting
and/or transaction system used within DFAT. Business information systems are
not automatically records management compliant – they contain structured data
that potentially constitutes part of a Commonwealth record but this does not by
default contain the contextual information to ensure reliability, authenticity
and usability. Further, legal recordkeeping retention and disposal requirements
(beyond keeping backups of data) are usually not adequately catered for.
Before being authorised to store and manage records, all DFAT
business information systems must be assessed by Corporate Records Section in
consultation with relevant stakeholders as capable of managing the following
processes as a minimum, in accordance with ISO 16175 - the international
standard endorsed by the NAA for that purpose:
- be capable of collecting all information required for the activity – it should be fit for purpose
- be capable of capturing content, structure and context of the record
- provide adequate and compliant storage of records
- provide protection of record integrity and authenticity
- ensure the security of records
- be readily accessible to all staff who need to use the records contained within the system, for as long as the record is needed
- undertake the disposal of records in accordance with approved disposal authorities
- ensure the recoverability of records in the event of a disaster
- ensure the availability of records
in a useable format through technology changes and migration.
DFAT business
information systems that store records (including email, SharePoint instances
and a range of core business systems), and are not currently approved as
records management compliant, should ensure that appropriate system backup
regimes are in place. This is to ensure the day-to-day accessibility, retrieval
and integrity of records as a minimum is maintained until the system has been
assessed for records management functionality by Corporate Records Section and
authorised to capture and manage records.
10.
Ownership of Records
All records, irrespective of format (i.e. physical or
electronic), created or received by all DFAT staff, in the course of their
duties on behalf of DFAT, are the property of the Department and subject to its
overall control. The only exceptions include if local jurisdiction legislation
or a contract or other legally binding agreement is in place that specifically states
otherwise.
11.
Access to DFAT Records
Under provisions of the Archives Act
1983, Freedom of Information 1982 and Privacy Act 1988, records created in
DFAT can be released to the public on request, if they meet certain criteria. Failure
to maintain or locate reliable records when requested, may lead to lost revenue
or excessive retrieval costs, legal action or reputational damage for DFAT.
Reforms to the Archives Act 1983 have
resulted in bringing forward the 'open access' period to most records from 30
years to 20 years, which began on 1 January 2011 and will be phased in over a
ten year period.
Reforms to the Freedom of Information Act
1982 promotes a pro-disclosure culture across government ensuring the
public's right to access records held by government agencies. It has simplified
and narrowed the range of exemptions from access.
The Privacy Act 1988 governs the collection, use and disclosure of
information about individuals to ensure that the information collected directly
relates to an agency's functions. Under the Privacy Act, members of the
public have the right to access records about themselves that are less
than 30 years old.
DFAT is regularly served with subpoenas or
orders for the discovery of documents that require the production of selected documents/records
by a specified date. Where a critical time line is not met in this context, the
relevant business area(s) and associated business processes and information
systems will be examined for potential improvements in meeting response times through
digital recordkeeping initiatives.
In
accordance with the Continuing Order of the Senate – Indexed list
of departmental and agency files, every six months DFAT must publish on the
departmental website an indexed list of titles for files created in the head
office of the department.
12.
Security of Records
Information
Security includes measures such as the application of the Australian Government
security classification system, procedures for the handling, storage and
disposal of official information, and information communications and technology
controls. This policy should be read in conjunction with the Australian
Government Protective Security Manual, the Australian Government Information
Security Manual and the DFAT Security Manual.
It
is the responsibility of staff to be familiar with these manuals and the
general principles of handling and managing sensitive information, including
the 'need-to-know' principle, and to apply them where relevant to their
business and recordkeeping in accordance with other individual recordkeeping
responsibilities as set out in Section 16 of this policy.
EDRMS users should note the following when creating,
storing, retrieving, editing and circulating information in the system:
- Users must ensure that they apply the correct security classification to each document at the time of creation, and save this document in an appropriate file container in the EDRMS. In the EDRMS, the access controls on the file are used as the default access control for a document. Only authorised staff may change the access control on a file.
- Users should avoid restricting access to named officers, and instead use positions, roles or groups wherever practicable.
- It is the responsibility of individual users to ensure that security and access controls on documents remain appropriate and in line with the need-to-know principle, as documents are edited, emailed, shared, and to cater for potential changes over time.
- Documents should be sent within DFAT as a reference link from the EDRMS rather than as an attached document wherever practicable, allowing the EDRMS security and access controls to manage whether the recipient has access.
- Material with a security classification higher than Unclassified must only be created and saved to files on Satin High.
- Particular care should be given to
the access controls applied to documents where privacy issues are involved.
13.
Disposal, Deletion or Destruction of Records
It is an offence to dispose of, delete or destroy any
Commonwealth record without authorisation from the NAA. Under the Archives
Act 1983 and the Crimes Act 1914, DFAT records cannot be disposed of
other than in accordance with the approved NAA disposal authorities. The
disposal authorities relevant to DFAT are the Administrative Functions
Disposal Authority (AFDA) and the Departmental Agency Functions Disposal
Authority (DAFDA). The Assistant
Secretary, ICT Services Branch (ISB) and delegated Corporate Records Section
staff, are authorised by NAA to carry out disposal, deletion or destruction of records
for DFAT.
Records
created and received as part of DFAT's business that are of ephemeral value and
are not covered under a Records Authority can be considered for destruction
using NAA's Normal Administrative Practice (NAP) provisions. These records can
be disposed of by the creator, using the appropriate method, without seeking
formal authorisation. Specific guidance on application of the NAP can be found
in the Records Management Manual and on the DFAT Intranet Records Management
pages.
14.
Legislation & Standards
Certain federal government legislation provides direction
on the management of federal government records; this legislation (incorporating
amendments) includes but is not limited to:
- Archives Act 1983
- Australian Information Commissioner Act 2010
- Crimes Act 1914
- Electronic Transactions Act 1999
- Evidence Act 1995
- Financial Framework (Supplementary Powers) Act 1997
- Financial Framework Legislation Amendment Act 2010
- Freedom of Information Act 1982
- Privacy Act 1988
- Public Governance, Performance and Accountability Act 2013
- Public Service Act 1999.
DFAT is also committed to
ensuring that its recordkeeping and business systems comply with existing
established standards and major reports into recordkeeping in the Commonwealth
such as:
- Australian Standard for Records Management - AS ISO 15489 – 2009
- Australian Standard for Managing Records in an Electronic Environment – ISO 16175
- Australian Government Recordkeeping Metadata Standard
- Australian Government's Digital Transition Policy
- Australian Government's Digital Continuity Policy (including the Digital Continuity Plan)
- Policies and Guidelines published and endorsed by NAA for Commonwealth agencies
- Protective Security Policy
Framework
Additionally,
DFAT is responsible for administering a range of legislation that may include
specific recordkeeping requirements. A list of this legislation can be found at
Appendix C.
15.
Monitoring and Review
This Policy requires recordkeeping practices and processes
to be a significant feature of all business processes and systems. It is the
responsibility of all staff, regardless of level, to contribute to sound
recordkeeping practices. In order to ensure that the policy is effective, DFAT
will monitor recordkeeping practices in a variety of ways to ensure the
compliance of all departmental activities.
Corporate Records Section is the line area directly
responsible for monitoring compliance with the departmental recordkeeping
framework and high-level assessment of the department's compliance with NAA
benchmarks. This includes:
- monitoring the capture and creation of records into the official recordkeeping system –EDRMS, in particular identifying areas that may not be fully or correctly creating and/or capturing records into the recordkeeping system
- utilising NAA's "Check-Up Digital" tool to identify areas of non-compliance and areas that need improvement to enhance capability to manage digital records and related information; results will be used as a benchmark for future compliance and strategic planning activities
- monitoring business system compliance with ISO 16175
- annually facilitating an external
records management audit as directed by the DFAT Audit and Risk Committee
Posts undertake periodic reporting using the Self
Assessment Manual (SAM). Reporting requirements and timeframes are dependent on
the experience of the completing officer at post. Part of the SAM undertakes a
self-assessment of compliance based on DFAT's records management policies, and
results are reviewed by Corporate Records Section.
In addition to each officer's individual recordkeeping
responsibilities, managers must ensure that their team is aware of their
recordkeeping responsibilities as part of their daily functions. Managers
should require all staff, including LES and contractors, to include an aspect
of recordkeeping in their performance agreements, and should lead by example
regarding recordkeeping practices and the creation, capture and management of
records into the EDRMS or an authorised business information system.
16.
Roles and Responsibilities
This section defines the duties and responsibilities of all
DFAT staff with respect to recordkeeping.
16.1.
Secretary
The
Secretary is responsible for:
- authorising and promulgating this policy
- promoting compliance with this policy
- supporting and fostering a culture of good recordkeeping in the department
- nominating the Executive in charge
of recordkeeping.
16.2.
SES and non-SES managers, HOMs, HOPs and Regional Directors
SES
and non-SES managers, HOMs, HOPs and Regional Directors are responsible for:
- supporting and fostering a culture of good recordkeeping in DFAT
- ensuring that officers under their management are aware of their responsibility to maintain accurate records of business
- providing guidance to staff on managing security and access controls when dealing with security classified, staffing or sensitive records
- ensuring staff are provided adequate time to undertake recordkeeping responsibilities
- including the requirement to meet recordkeeping responsibilities in staff (including LES) performance agreements
- implementing measures to monitor recordkeeping
responsibility compliance and to address inadequacies in recordkeeping
practices.
16.3.
CIO, Information Management and
Technology Division (IMD)
The
Chief Information Officer is responsible for:
- ensuring that recordkeeping policy and practices adopted by the department comply with DFAT's obligations and responsibilities as a Commonwealth Government agency
- ensuring that the technology used to support the systems that capture and keep records electronically are reliable, available and accessible to DFAT staff as required
- implementing standards for business information systems that comply with NAA's Standards and Guidelines for electronic recordkeeping, where warranted
- incorporating electronic recordkeeping requirements (as outlined in Section 9) into business system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
- providing assurance that back-up and recovery strategies adequately meet electronic recordkeeping storage requirements
- the development and
implementation, over time, of a comprehensive information management framework
which incorporates records management.
16.4.
Assistant Secretary, ICT Services Branch (ISB)
The
Assistant Secretary ISB is responsible for:
- ensuring this policy is reviewed and is up to date
- ensuring that all DFAT staff are regularly reminded of their recordkeeping responsibilities
- in consultation with CIO, authorising each business system managing records
- ensuring DFAT adheres to appropriate record retention and disposal requirements
- ensuring that the EDRMS is available, reliable and accessible to staff when required
- supporting the implementation of EDRMS upgrades and enhancements, in compliance with DFAT's ICT Change and Release Management processes
- ensuring business systems comply
with this policy and NAA's electronic
recordkeeping guidelines and requirements, including NAA-endorsed standards.
16.5.
Corporate Records Section (COR)
COR
is responsible for:
- developing and implementing strategies to support this policy
- supporting and fostering a culture of good recordkeeping in DFAT
- creating and maintaining recordkeeping procedures with which compliance will be mandatory under this policy
- delivering recordkeeping and EDRMS training, support and advice to all staff
- maintaining, monitoring and reviewing the departmental recordkeeping system
- providing support to EDRMS users through effective service desk support arrangements
- promoting the effective use of the EDRMS
- liaising with IT Support Staff to ensure the EDRMS is available, reliable and accessible to staff when required
- liaising with IT Support Staff for the implementation of EDRMS upgrades and enhancements
- ensuring that, as far as is practicable, records are kept and accessible for as long as required by DFAT staff, government and the public
- measuring and monitoring compliance of business information systems that store records against ISO 16175 in coordination with IT and business area stakeholders
- authorising business information systems to store records and/or associated metadata
- managing the archiving and disposal of records over time
- authorising, under delegation, the
disposal/destruction of records.
16.6.
Business System Owners
All
owners of business information and transactional systems that store records
and/or associated metadata must:
- fully understand the recordkeeping obligations and responsibilities relating to their system(s) and associated business processes that they interact with or manage
- adhere to DFAT's policy, procedures and standards in creating and managing records in their system(s), including ensuring that their system(s) are scheduled for assessment of records management functionality compliance against ISO 16175: Part 3, and authorised as a system to create and manage records by COR
- ensure that in the interim until their system(s) have been authorised by COR to create and manage records, appropriate system backup regimes are in place to guarantee the day-to-day accessibility, retrieval and integrity of records stored in their system; or records from the system stored in the EDRMS
- in coordination with the CIO, incorporate electronic recordkeeping requirements (as outlined in Section 9) into system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
- ensure that their system(s) do not
facilitate deletion/destruction or disposal of records without the correct
authorisation as set out in Section 13 of this policy, except through the
appropriate application of NAP, also set out in Section 13 of this policy.
16.7.
All DFAT Staff
All
DFAT staff must:
- understand the recordkeeping obligations and responsibilities relating to their position
- adhere to DFAT's policy, procedures and standards in maintaining records as required by their daily tasks
- attend mandatory recordkeeping and EDRMS training
- create and capture records in the EDRMS or authorised recordkeeping system
- be familiar with the provisions
for handling and managing sensitive and security classified information,
including the 'need-to-know' principle, and to apply them where relevant to
their business and recordkeeping practices - ensure that they do not destroy records without the correct authorisation, except through the appropriate application of NAP (refer to Section 13 of this policy)
- include meeting recordkeeping responsibilities in performance agreements
- be accountable for their actions
and decision-making to the general public, Commonwealth Government and to
DFAT's Stakeholders.
17.
Appendix
17.1.
Appendix A: Glossary of Terms
Significant terms used in the Records
Management Policy are defined or explained below.
Term |
Definition |
---|---|
Accountability |
Based on the |
Action Officer |
Staff who |
Activity (Business |
An umbrella |
All staff |
This includes
|
Authorised |
A system that Refer to Section |
Business |
A conceptual |
Classification |
Systematic Source: See also: |
COR |
Corporate |
Commonwealth |
Any official See also: Corporate Refer to Section |
Complete and |
A complete and
Adapted from: |
Conversion |
Process of Adapted from: |
Corporate |
Information Adapted from: See also: Complete Refer to Section |
DCP |
Digital |
Destruction |
Process of Source: |
Digital |
Ensuring that |
Digital record |
A record that |
Digital |
The transition |
Disposal |
See |
Disposition |
Range of Adapted from: Refer to Section |
Document |
Recorded Adapted from: International |
DTP |
Digital |
EDRMS |
Electronic |
Electronic |
A document that |
Electronic |
A record that |
File Number |
A number |
Function |
The largest |
Instant |
The act of communicating in near real-time via a
In DFAT, IM is not currently configured to directly |
Metadata |
Structured data Adapted from: International |
Migration |
Act of removing Source: |
Multimedia |
An extension of |
NAA |
National |
Naming |
Standards |
NAP |
See Normal |
Normal |
Normal
Refer to |
Preservation |
Processes and Adapted from: |
Record |
See Corporate Refer to Section |
Recordkeeping |
The making and Recordkeeping includes:
Adapted from: See also: Refer to the
|
Records |
The discipline Adapted from: |
Records Manager |
The person |
Registration |
Act of giving a Source: |
Scanning |
The process of |
Security |
A set of Adapted from: |
Short Message |
A function |
Social Media |
An umbrella
Refer to |
Storage |
The function of |
Thesaurus |
A (keyword) |
Transfer |
Change of Source: |
TRIM |
TRIM is the EDRMS |
Transaction |
The smallest |
Video instant |
An extension of See also: |
Voicemail |
A centralised |
17.2.
Appendix B: Summary of Recordkeeping Legislation
Acts and Standards |
Description |
---|---|
The Archives Act 1983 officially established
|
|
Australian |
The Australian
The OAIC aims to facilitate |
Electronic |
The Electronic Broadly, the Act provides
The Act provides for |
The Evidence Act 1995 recognises the role of modern technologies in The Act defines a 'document' 'anything on which there is writing, anything on which If the document in question To be admissible the record must be:
|
|
The Freedom of Information Act 1982 provides that a Under changes to the FOI |
|
ISO 15489 Records Management |
The International Standard For Records Management - ISO 15489 provides The Standard has been used |
ISO 16175 Principles and |
ISO 16175 provides internationally agreed principles and NAA has endorsed the use of |
The Privacy Act Records over 30 years old |
|
Public Governance, |
The Public |
17.3.
Appendix C: Legislation Administered by DFAT
Anti-Personnel
Mines Convention Act 1998
Australian
Centre for International Agricultural Research Act 1982
Australian
Civilian Corps Act 2011
Australian
Passports Act 2005
Australian
Passports (Application of Fees) Act 2005
Australian
Passports (Transitionals and Consequentials) Act 2005
Australian
Trade Commission Act 1985
Australian
Trade Commission (Transitional Provisions and Consequential Amendments) Act
1985
Autonomous
Sanctions Act 2011
Charter
of the United Nations Act 1945
Chemical
Weapons (Prohibition) Act 1994
Comprehensive
Nuclear Test-Ban Treaty Act 1998
Consular
Fees Act 1955
Consular
Privileges and Immunities Act 1972
Diplomatic
and Consular Missions Act 1978
Diplomatic
Privileges and Immunities Act 1967
Export
Finance and Insurance Corporation Act 1991
Export
Finance and Insurance Corporation (Transitional Provisions and Consequential
Amendments) Act 1991
Export
Market Development Grants Act 1997
Export
Market Development Grants (Repeal and Consequential Provisions) Act 1997
Foreign
Passports (Law Enforcement and Security) Act 2005
Intelligence
Services Act 2001, except to the extent administered by the Prime Minister, the Attorney-General and the Minister for Defence
International
Development Association Act 1960
International
Fund for Agricultural Development Act 1977
International
Organisations (Privileges and Immunities) Act 1963
Nauru
Independence Act 1967
Nuclear
Non-Proliferation (Safeguards) Act 1987
Nuclear
Safeguards (Producers of Uranium Ore Concentrates) Charge Act 1993
Overseas
Missions (Privileges and Immunities) Act 1995
Papua
New Guinea Independence Act 1975
Papua
New Guinea (Staffing Assistance) Act 1973, except to the extent administered by
the Minister for Finance
Registration
of Deaths Abroad Act 1984
Security
Treaty (Australia, New Zealand and the United States of America) Act 1952
South
Pacific Nuclear Free Zone Treaty Act 1986
Tourism
Australia Act 2004
Tourism
Australia (Repeal and Transitional Provisions) Act 2004
Trade
Representatives Act 1933
United
Nations Educational, Scientific and Cultural Organization Act 1947
United
States Naval Communications Station Agreement Acts
US
Free Trade Agreement Implementation Act 2004
Source: http://www.naa.gov.au/Images/AAO_23_December_2014_tcm16-83959.rtf
17.4.
Appendix D: Potential Benefits of Digital Recordkeeping
Digital records
management provides a number of efficiency and other benefits including
improved corporate governance, improved business processes and reduced costs:
- Improved access to and retrieval of relevant records and information - facilitates better-informed decision-making; better service delivery; fewer information silos; enhanced information sharing across the agency and between agencies; and potential for re-use of information by government and the Australian community.
- Improved corporate governance - lower compliance costs and enhanced ability to provide accurate, timely and transparent responses to legislative and regulatory requirements. Australian Government agencies need to meet a range of legislative, regulatory and governance requirements. Managing records digitally strengthens corporate governance by helping agencies meet legal obligations and regulatory and governance requirements in an efficient and cost-effective way.
- Legislative obligations - well-managed digital records support transparent, accurate and timely responses to applications under information access legislation or under subpoena. Under freedom of information reforms charges must be waived if a statutory time frame is not met, so quickly locating the right records can avoid a cost penalty. It is easier to publish digital information on websites, in keeping with Information Publication Scheme requirements, in formats that allow use and re-use.
- Transparency and accountability - authoritative records provide evidence of, justify or explain actions or decisions. They substantiate responses to audit, official inquiry or other types of investigation. Records protect the democratic rights and entitlements of individuals and provide evidence of interactions between Australia's people and elected governments. Good digital management means records are trustworthy, authoritative and able to withstand scrutiny. Digital management provides accountability benefits that are difficult to duplicate in paper systems. Comprehensive and accurate audit trails not only help an understanding of communications, decisions and actions that have been carried out but also show when a record was created, accessed or amended and by whom.
- Risk management - a well-managed digital information and records management program is a business and reputational risk mitigation strategy. The ability to demonstrate what and why decisions and actions were taken and how they were carried out reduces the risk of non-compliance due to incomplete or inaccurate records. Reduced reputational risks that can result when information cannot be found or is compromised through unauthorised access.
- Business continuity - Digital records management will better support disaster recovery and business continuity. Managing information digitally allows off-site back-up of records which a paper-based system cannot easily offer. It also safeguards vital corporate information from loss, misuse, tampering and physical damage.
-
Records management cost savings - from less creation, storage, retrieval and handling of paper
records.