Records Management Governance Policy and Procedure
- 1 Purpose
- 2 Scope
- 3 Policy Statement
- 4 Procedures - Management of USQ Records
- 4.1 Security Framework
- 4.2 Roles and Responsibilities
- 4.3 Records Management System
- 4.4 Records Creation and Capture
- 4.5 Access to Records
- 4.6 Information Privacy
- 4.7 Right to Information
- 4.8 Business Classification Scheme
- 4.9 Disposal of Records
- 4.10 Records of Continuing (Permanent) Value
- 4.11 Archiving of Records
- 4.12 Records Storage
- 4.13 Disaster Recovery and Business Continuity
- 4.14 Staff Leaving Employment
- 4.15 Training
- 4.16 Audit and Review
- 4.17 Penalties and Discipline
- 4.18 Policy Monitoring and Review
- 5 References
- 6 Schedules
- 7 Policy Information
This policy outlines the direction, scope, and approach to the records management environment at USQ. This policy will continue to be reviewed and evaluated in line with changes to business processes and compliance requirements.
This policy applies equally to all USQ employees, contractors and consultants, all aspects of the University's operations, all records created or received in any format to support USQ business activities and all business applications used to create, manage and access records.
3 Policy Statement
Corporate Records is committed to assisting the University of Southern Queensland meet its statutory and legal obligations by administering its records in a lawful, ethical, and cost-effective manner. To achieve this objective, Corporate Records will endeavour to:
- adhere to all legal and legislative requirements relevant to records management;
- satisfy the Queensland Government's mandatory information standards and policies relevant to records management; and
- implement and review records management systems, policy, procedures and business practices to provide a USQ strategic and operational recordkeeping framework.
In pursuing these objectives, Corporate Records personnel will be guided by international and Queensland Government records management standards and best practice principles.
Corporate Records will provide a leading role for the USQ response to meeting its recordkeeping compliance obligations through:
- establishing recordkeeping as a systematic part of its business operations so that records are identified, captured, managed and retained in an accessible and usable format that preserves the integrity of those records over time;
- management of the Realising our Potential (ROP) Records Management Service Delivery Model;
- successful deployment of the University's Electronic Document & Records Management System (e-DRMS) identified by ROP as the primary driver for records management compliance at USQ;
- provision of appropriate training, support and documented procedures for USQ personnel;
- promotion of a culture of 'best practice' recordkeeping at USQ; and
- implementation of an ongoing audit and monitoring program.
All corporate records, created and received by USQ, or, by individuals acting on its behalf (contractors and consultants), are the property of the University and subject to its control.
USQ is committed to developing and maintaining a University Records Management Framework based on the seven (7) mandatory principles of Queensland Information Standard 40: Recordkeeping (IS40). The University endorses the IS40 principles (below) to maintain compliant and accountable recordkeeping:
- Recordkeeping must be compliant and accountable (in all areas of business);
- Recordkeeping must be monitored and audited for compliance;
- Recordkeeping activity must be assigned (to specific officers) and implemented;
- Recordkeeping must be managed;
- Recordkeeping systems must be reliable and secure;
- Recordkeeping must be systematic and comprehensive; and
- Full and accurate records must be made and kept for as long as they are required for business, legislative, accountability and cultural purposes.
(To meet this principle, records must be created, captured, adequate, complete, meaningful, accurate, authentic, inviolate, accessible, useable, retained and preserved).
The Records Management Governance Policy and Procedure applies to all USQ records in all formats, including physical or hard copy records, electronic records such as email and other technology-dependent records.
Records Management is under the guidance and direction of University governance bodies.
4 Procedures - Management of USQ Records
4.1 Security Framework
Under the Queensland Information Standard 18: Information Security and Queensland Information Standard 40: Recordkeeping the University of Southern Queensland is required to establish a framework to provide direction and coordinated management of information security, including the effective management of USQ records.
There is an expectation that all USQ employees, contractors and consultants who create, receive, use or access USQ records, including users of the University's electronic document and records management system (e-DRMS), will adhere to the University's policies relating to:
- confidential and sensitive information
- Intellectual Property
This Records Management Governance Policy and Procedure, and all associated records management policies, standards, guides, references, practices, and procedures, form part of this ongoing commitment to records management governance.
4.1.1 Third Party Access
The University of Southern Queensland is required to consider and address information security when entering into third party contracts, including arrangements with contractors and consultants.
Accordingly, all third parties - including contractors, consultants, corporations, government bodies, and education institutions - will be required to sign a confidentiality agreement restricting the use and dispersal of confidential information.
All third parties will be advised that they are bound to comply with all aspects of this policy and its associated policies, standards, guides, references, practices, and procedures.
4.2 Roles and Responsibilities
University employees, contractors and consultants
USQ and all its employees are subject to legislative obligations relating to records management. Records management is a key function of all USQ business activities. The Vice-Chancellor, as Chief Executive Officer, is responsible for ensuring that the University complies with the cultural, business, legislative and accountability requirements.
All University employees, contractors and consultants are personally responsible for the records created or received by them in the performance of their duties and under their control. Each USQ employee, contractor and consultant will be responsible and accountable to the relevant cost centre manager for University records, created or received, that document USQ business functions, activities and transactions, and to maintain these records in accordance with University policy and legislative requirements.
Records Liaison Officers
Each cost centre will have a Records Liaison Officer (or nominee) who will be responsible for the day-today operational management of records.
University's records management system (e-DRMS) Project Officer
The University's records management system (e-DRMS) Project Officer will have a shared responsibility for records management across established USQ divisions, as follows:
- promoting and facilitating records management compliance (IS40);
- training, educating and supporting employees in records management standards and practices;
- maintaining the University's records management system Help Desk;
- assisting with the University's records management system (e-DRMS) roll-out;
- fostering a culture incorporating 'best practice' recordkeeping;
- establishing and maintaining linkages between Corporate Records and
- faculties/sections; and
- maintaining an ongoing Records Management audit/monitoring program.
Cost Centre Managers
Managers of business and organisational units are responsible and accountable to their line manager for records management activities within the cost centre:
- ensuring that USQ employees, contractors and consultants create, maintain and dispose of records as an integral part of their work, in accordance with established policies, procedures and standards;
- providing the resources necessary for the management of records;
- promoting a culture of 'best practice' recordkeeping;
- implementation of records management systems, including the University's electronic document and records management system (e-DRMS), as required (subject to the University's records management system Deployment Program);
- ensuring that all appropriate physical and electronic records within the cost centre, including business emails, are captured or recorded in the approved records management system (University's records management system); and
- liaising with Corporate Records, either directly or through the Records Liaison Officer or University's records management system (e-DRMS) Project Officer, on all aspects of records management.
Manager Corporate Records
The Manager Corporate Records is responsible for:
- providing executive oversight of Corporate Records service delivery across the University, including leadership, strategic direction, policy development and training programs;
- project management of the enterprise-wide University's records management system (e-DRMS) Project;
- providing expert advice to clients on specialist matters associated with records management policy, systems, legislation and statutory obligations;
- facilitating compliant recordkeeping and fostering a culture of 'best practice' recordkeeping' at USQ;
- undertaking planning and management functions as they relate to Corporate Records, including leading and managing Corporate Records team members; and
- working closely with other members of the Corporate Management Services Group to support professional relationships with key stakeholders.
Roles and responsibilities relating to this policy are documented, as applicable, in the associated standards, guides, references, practices, and procedures, and in relevant University policies - including all University employees, contractors, consultants and other third parties.
All University employees, contractors, consultants and other third parties are responsible for familiarising themselves with this policy, its associated standards, guides, references, practices, and procedures, as appropriate to their role within the University of Southern Queensland.
4.3 Records Management System
USQ maintains a number of approved electronic systems for the purpose of recordkeeping:
- Peoplesoft (Finance, HR and Student Administration)
- RecFind (Corporate (Corporate, HR, Student, faculties/sections))
Note: RecFind to be phased out in 2008/09.
- University's records management system (e-DRMS) (Corporate, HR, Student, faculties/sections)
Note: To be implemented University-wide from 2008.
In addition, there are a number of other electronic, paper-based, micrographic and audio-visual systems which have some form of limited recordkeeping functionality and capability.
It is mandatory for all University records (final version) to be recorded in one of the approved records management systems, as follows:
- All staff to ensure University records are recorded, managed and disposed using the approved records management systems.
- All records contained in the records management systems shall be securely stored and used in accordance with ICT Information Management and Security Policy and relevant records management policy.
4.4 Records Creation and Capture
Records are to be created and captured as evidence of business decisions, actions or transactions.
All records (final version), including business emails and other electronic records, created or received, shall be captured and managed in an approved records management system (as per 4.3 above).
Ownership of all USQ records is vested in the University of Southern Queensland - refer section 9(1) of the Public Records Act 2002.
4.5 Access to Records
Staff, contractors, consultants and other third parties may, subject to appropriate authority, have access to USQ records to fulfil their duties and obligations.
It is the expectation of the University that a staff member will access only those files and records which are necessary for the performance of duties of the position to which they are appointed, or, that they are lawfully requested to access.
All staff accessing the approved records management system (University's records management system (e-DRMS)) will be required to sign a Confidentiality Agreement (to be developed) at the time of seeking formal permission to access the University's records management system.
Under this policy the University reserves the right to access any USQ business record, created or received by staff, irrespective of its format or storage location.
4.6 Information Privacy
In accordance with the principles of the Information Privacy Act 2009, USQ will take appropriate measures to ensure the security of personal information, to protect it against loss, unauthorised access, use, modification or disclosure, and against any other misuse.
From time to time, USQ is required by law to release personal information to third parties through Instruments of Legal Discovery such as subpoena, Notices of Non-Party Discovery, and other consent arrangements.
Under existing administrative access arrangements staff and students are able to access their own staff or student file.
4.7 Right to Information
The Right to Information Act 2009 (RTI Act) provides the public with a legally enforceable right to obtain access to documents held by USQ, and to seek amendment of information held by USQ concerning their personal affairs if that information is inaccurate or incomplete. The RTI Act provides that access to certain documents or to certain information contained in documents may be refused in order to protect essential public interests or the private or business affairs of others. The person's right of access is not affected by any reason the person gives for seeking access. However, access is determined by the exemption provisions of the RTI Act.
4.8 Business Classification Scheme
All records management systems (electronic and physical), will be structured and maintained using the approved USQ Business Classification Scheme available at: and in accordance with the Business Classification Scheme Policy and Procedure.
All business records will be classified and files (physical and electronic) titled in accordance with the USQ Business Classification Scheme which is directly linked to the approved disposal schedules.
Maintenance of the USQ Business Classification Scheme is the responsibility of Corporate Records. All changes are subject to the approval of the Corporate Records Manager.
4.9 Disposal of Records
Disposal of USQ records must be made in accordance with Queensland Information Standard 31: Retention and Disposal of Public Records (IS31), USQ Records Disposal Policy and Procedure, and the approved Records Retention and Disposal Schedules, as follows:
Generic records (held by most Qld Government departments and agencies) are covered in the General Retention and Disposal Schedule (GRDS) issued by Queensland State Archives (QSA).
Records of cultural or historical significance to USQ may be retained beyond the approved disposal period.
Corporate Records is responsible for consulting with Queensland State Archives to assess the value of the records held by the University and for setting appropriate retention periods for those records.
4.10 Records of Continuing (Permanent) Value
Archives provide a record of the corporate memory of the University. Archives are inactive records that are deemed to have continuing value, either permanently or temporarily. A record may be considered permanent because of its evidential, fiscal, administrative, legal, informational or historic value. The University may identify records of cultural or historical significance that should be retained beyond the period set out in the approved retention and disposal schedules.
USQ Historical Archives Collection (located in L211)
(managed by Corporate Records)
USQ Historical Governance and Management Records Collection (located in B116)
(managed by Corporate Records)
USQ Historical Audio-visual and Photographic Collection (located in Y Block)
(managed by USQ Media Services)
The Corporate Records Manager has broad oversight of the USQ Historical Archives Collection and is responsible for its ongoing development and management, including donations receipts, appraisal and cataloguing, rotational themed displays, grant applications, marketing and promotion.
The University will maintain the USQ Historical Archives Collection, in its entirety, as a secure but publicly accessible collection and will organise regular public displays of historical materials.
Internal and external donations to the USQ Historical Archives Collection, of memorabilia, associated with the early development of the university are encouraged. However, all donations and loans of memorabilia (archives and objects) must be made in accordance with the Collection Policy for the USQ Historical Archives and, at the discretion of the Corporate Records Manager.
4.11 Archiving of Records
Inactive records will be retained in accordance with approved retention periods within established storage facilities.
- Inactive records will be the responsibility of the delegated officer within the faculty/section.
- Inactive records will remain accessible by authorised staff.
4.12 Records Storage
- The University is responsible for ensuring that records are adequately stored to prevent physical damage and/or loss and to minimise the physical deterioration of the records.
- Archival storage will be established and maintained by the faculty/section, in consultation with the Corporate Records Manager to ensure the utilisation of appropriate and secure storage facilities for all USQ records.
- Off-site storage of physical records will be at the cost of faculty/section and is subject to approval of Corporate Records Manager.
4.13 Disaster Recovery and Business Continuity
The University has developed plans for protecting and recovering its records in the event of a disaster:
- USQ Disaster Preparedness (Hard Copy Records) Policy and Procedure, complete with a Disaster Preparedness Plan, and .
- USQ Disaster Preparedness Policy (Electronic Records) - to be developed.
- Business Continuity Plan (BCP and Disaster Recovery Plan (DRP) - to be developed.
These plans ensure that vital records such as key legal agreements, contracts, memoranda of understanding, financial, and minutes of Council, Academic Board and committees reporting to those governing bodies receive the highest salvage priority and business operations are re-established, as soon as possible.
4.14 Staff Leaving Employment
A staff member who ceases employment at USQ shall, prior to departure, ensure all University records under his/her control, regardless of format, have been identified and included in the official recordkeeping system.
Supervisors/managers should ensure the departing staff member has complied with the above requirement prior to departure.
All USQ staff shall be provided with records management training to the level of their individual responsibilities under this policy.
The Corporate Records Manager will be responsible for the development and ongoing maintenance of appropriate training programs in records management for all USQ staff.
4.16 Audit and Review
A schedule of on-going records management audits shall be developed and implemented to ensure compliant and 'best practice' recordkeeping is established and maintained in all USQ cost centres.
The University's electronic records management system shall be reviewed every 5 years to ensure compliance and best practice are maintained.
4.17 Penalties and Discipline
Failure to comply with the terms of this policy may result in disciplinary action and process as determined according to USQ policy and procedures.
Conduct in contravention of this policy may also constitute an infringement of relevant State legislation. Non-compliance of the provisions of the Public Records Act 2002 such as unauthorised disposal of records (section 13 refers) may result in the impost of financial penalties.
4.18 Policy Monitoring and Review
The Manager Corporate Records, or their delegate, is responsible for monitoring, reporting, and review of this policy. This officer shall ensure that:
- this policy is reviewed at least once each calendar year;
- compliance with this policy is monitored/audited on a regular basis, as determined by risk assessment; and
- effectiveness of this policy is reported as directed by the Manager Corporate Records, or delegate.
The review cycle will be dependent on a number of factors, including the level of risk and the rate of change. Other triggers for renewing this policy include:
- changes to business operations, including the implementation of new systems;
- accommodation relocation and/or redevelopment;
- organisational change;
- occurrence of a significant incident that highlights an issue;
- emergence of new risks; and
- changes to technologies.
This policy must be read in conjunction with its subordinate schedules as provided in the table below.
7 Policy Information
Executive Director (Corporate Management Services)
Note: Many of the principles in the Information Standards are mandated by legislative provisions, for example the Financial and Performance Management Standard 2009 and the Public Records Act 2002.
Approved Disposal Schedules (Mandatory)
Queensland State Archives Guidelines
Best Practice Guide to Recordkeeping
Related forms, publications and websites
Terms defined in the Definitions Dictionary
Definitions that relate to this policy only
Failure to comply with this Policy or Policy Instrument may be considered as misconduct and the provisions of the relevant Policy or Procedure applied.
* This file is available in Portable Document Format (PDF) which requires the use of Adobe Acrobat Reader. A free copy of Acrobat Reader may be obtained from Adobe. Users who are unable to access information in PDF should email firstname.lastname@example.org to obtain this information in an alternative format.