Records and Information Management Procedure

Procedure overview

1 Purpose

To establish processes to manage the University's records and Information management environment throughout the Information Lifecycle.

2 Scope

This procedure applies across the University and is supported by local processes.

3 Procedure Overview

This procedure outlines the responsibilities of University Members and provides processes to assist in the implementation of the Records and Information Management Policy.

4 Procedures

4.1 Records and Information management

All Employees, contractors and consultants must make and keep full and accurate records of business activities (Public Records Act 2002).

All University Records and Information, with the exception of short term or transitory value records, must be captured in a compliant records management system or a University supported business system. The system(s) used should have regard for the Information Lifecycle and the minimum Retention Periods provided in the authorised Retention and Disposal Schedules.

University Records and Information should not be maintained (archived) in email folders, private accounts, personal drives or external storage media as these lack the necessary records management functionality.

The University is required by the relevant Regulatory Compliance Instruments to retain all records and Information for the minimum Retention Period specified in the authorised records Retention and Disposal Schedules issued by Queensland State Archives. The timely and authorised destruction of records and Information is essential for ongoing and effective management (refer to Section 4.9).

Ownership of all University business records (and Information) is vested in the University - refer to s. 9(1) of the Public Records Act 2002, unless otherwise agreed.

Under this procedure the University reserves the right to access any University business record or Information, created or received in the ordinary course of business, irrespective of its Format or storage location.

In the University's ongoing transition from a paper-based to digital recordkeeping environment, records born-digital should be managed-digital.

Corporate Records maintains an extensive suite of local processes to assist and support Employees, contractors and consultants in the management of the University's records and Information (refer to Section 7).

4.2 Roles and responsibilities

The University and all Employees, contractors and consultants are required to comply with the provisions of the relevant Regulatory Compliance Instruments. The responsibilities of these roles are listed in the following table:

Table 1: Roles and responsibilities

Role

Responsibilities

Vice-Chancellor
(as Chief Executive Officer)

Ensure the University makes and keeps full and accurate records of its activities according to the relevant Regulatory Compliance Instruments (Public Records Act 2002, s.7)

Manager (Corporate Records)

Provides executive oversight of recordkeeping across the organisation, including leadership and strategic advice through the interpretation, carriage and management of the compliance regimes relating to records and Information management, Right to Information, Administrative Access Scheme and Legal Discovery (third party).

Authorised to approve disposal of University Records as specified in relevant Regulatory Compliance Instruments.

Corporate Records

Implements relevant Regulatory Compliance Instruments and provides appropriate records and Information management training, support and documented processes.

Managers/supervisors
(organisational units)

Ensure Employees under their supervision are aware of their recordkeeping responsibilities and undertake training to ensure records are created and managed appropriately.

Employees, contractors and consultants

Personally responsible for the records and Information, created or received by them, in the performance of their duties and under their control, including the disposal of University Records and Information (refer Section 4.9).

Where possible, records and Information management requirements should be considered and embedded within University Policy and Procedures by the Accountable Officer. Further advice can be provided by Corporate Records.

4.3 Records and Information management training

All University Employees are able to access appropriate records and Information management training and support to the level of their individual responsibilities under this procedure (refer to Section 4.2).

Corporate Records is responsible for the ongoing development, delivery and maintenance of appropriate records and Information management training and support programs, and other related resources for all University Employees.

For further Information regarding training and support refer to Section 7.

4.4 Records and Information Security

In accordance with relevant Regulatory Compliance Instruments (refer to Section 7) the University is required to maintain a robust records and Information Security environment.

There is an expectation that all University Employees, contractors and consultants who create, receive, use, store or access University Records and Information, including users of the University's records management system, will adhere to relevant University Policy (refer to Section 7) including, but not limited to, the management of confidential and sensitive Information, copyright, intellectual property and Information Security.

A number of University-supported business systems with varying levels of recordkeeping capability are available for the capture and management of University Records and Information.

4.5 Records and Information accessibility

Records and Information, created or received by the University are managed, maintained and made accessible for as long as required to meet accountability, legal, administrative, financial, research and community requirements and expectations.

University Records and Information need to be identified and retained in a useable form for a minimum period as specified in an authorised Retention and Disposal Schedule (refer to Section 4.10). Records and items of Archival/Enduring value may be eligible for transfer to the USQ Historical Archives. For further Information, contact the Manager (Corporate Records).

Where required by Regulatory Compliance Instruments and business requirements, including senior management directive, access restrictions will be applied to selected records and Information to protect an individual's privacy or to protect the University's interests.

Information held by the University can be accessed by informal or formal request. Further information is available at Sections 4.6, 4.7 and 7 of this procedure.

4.6 Privacy

Access to Personal Information held by the University is restricted to individuals accessing their own Personal Information, authorised Employees having a business requirement or to third parties, as required by Regulatory Compliance Instruments.

Further Information concerning access to, or amendment of, personal Information is available from the University's website (refer to Section 7).

4.7 Right to Information

Right to Information requires, as the first option, proactive release of Information under discretionary administrative access arrangements. Should the University exercise its right to not disclose the requested Information under the administrative access process, a person has the right to access the Information, under the Right to Information Act 2009, subject to the limitations of the legislation.

Further Information concerning administrative access arrangements or Right to Information processes is available from the University's website (refer to Section 7).

4.8 Business Classification Scheme

The structure of the University's Business Classification Scheme is based on the functional activities of the University and is directly linked to the authorised Retention and Disposal Schedules (refer to Section 4.9). Embedded in the University's records management system, the Business Classification Scheme is reflected in the file titling structure and is accessible via the University's website (refer to Section 7).

4.9 Retention and disposal of records and Information

All University Employees, contractors and consultants are required to retain and dispose of University's records and Information in accordance with the Public Records Act 2002, and the relevant authorised Retention and Disposal Schedules (refer to Section 7).

All organisational units must use the relevant authorised Retention and Disposal Schedules for the purpose of Appraisal, retention and disposal of all University Records and Information, irrespective of Format and storage location. These authorities are readily accessible from the University's website (refer to Section 7).

Organisational units are encouraged to undertake, where possible, an annual cull of University Records and Information eligible for disposal; i.e. assessed as at the end of the Information Lifecycle.

All disposals of University Records and Information (with the exception of Transitory and Short Term Value Records), irrespective of Format and storage location, must be recorded in a Records Disposal Register (refer to Section 7).

The Records Disposal Register must be signed by the organisational unit manager and forwarded to the Manager (Corporate Records) for final approval. This is a requirement of the relevant Regulatory Compliance Instruments (refer to Section 4.2).

The approved Records Disposal Register must be retained for audit, legal and other business needs in accordance with the authorised Retention and Disposal Schedules.

The University will ensure that a Certificate of Destruction is issued by the contracted service provider for each service. The provider will use secure confidential bins for collection, or an appropriate alternative by special arrangement with the Environmental Office.

Matters requiring interpretation of the relevant Retention and Disposal Schedules should be referred to Corporate Records for investigation and advice.

4.10 Disaster recovery planning (hard copy records)

Corporate Records is responsible for maintaining the USQ Records Disaster Management Plan which defines individual responsibilities for disaster management of physical records and Information, including Vital Records, held by or under the control of the University. Further Information is accessible from the University's website (refer to Section 7).

ICT Services is responsible for management of the electronic Disaster Recovery process.

4.11 Audit and compliance

To meet business needs and Regulatory Compliance Obligations the University will maintain a proactive Records and Information Management Audit and Compliance Plan (restricted use).

4.12 Digitisation and disposal of Physical Source Records

Physical Source Records that meet the requirements set out in the Regulatory Compliance Instruments and the current Retention and Disposal Schedule authority, are eligible for early destruction after scanning into a compliant records management system or a University supported business system (refer Section 4.1). A Defensible Process will be developed and maintained to demonstrate a considered approach to meeting conditions and requirements for Physical Source Record digitisation and disposal authorisation.

5 References

Griffith University. (2014). Records Management Policy. Retrieved November 22, 2017, from policies.griffith.edu.au/pdf/Records%20Management%20Policy.pdf

Public Records Act 2002 (Qld) s. 9(1) (Austl).

University of the Sunshine Coast. (2015). Information and Records Management - Procedures. Retrieved November 22, 2017, from www.usc.edu.au/explore/policies-and-procedures/Information-and-records-management-procedures

6 Schedules

This procedure must be read in conjunction with its subordinate schedules as provided in the table below.

7 Procedure Information

Subordinate Schedules

Accountable Officer

Deputy Vice-Chancellor (Enterprise Services)

Responsible Officer

Deputy Vice-Chancellor (Enterprise Services)

Policy Type

University Procedure

Approved Date

12/12/2018

Effective Date

12/12/2018

Review Date

12/12/2021

Relevant Legislation

AS ISO 15489.1:2017

Electronic Transactions (Queensland) Act 2001

Evidence Act 1977

Financial Accountability Act 2009

Financial and Performance Management Standard 2009

General Retention and Disposal Schedule (GRDS)

Higher Education Standards Framework (Threshold Standards) 2015 - Domain 7

Information Privacy Act 2009

Information Standard 18: Information Security

Information Standard 34: Metadata

Private Email Use Policy

Public Interest Disclosure Act 2010

Public Records Act 2002

Records Governance Policy

Right to Information Act 2009

University Sector Retention and Disposal Schedule

Related Policies

Administrative Access Scheme Policy

Code of Conduct Policy

Enterprise Architecture Policy

Handling Personal Student Information Policy and Procedure

Historical Archives Collection Policy

ICT Information Management and Security Policy

Privacy Policy

Public Interest Disclosure Policy and Procedure

Records and Information Management Policy

Right to Information Policy

Risk Management Policy and Procedure

Related Procedures

Administrative Access Scheme Procedure

Engagement of Cloud Computing Services Procedure

Information Asset and Security Classification Procedure

Research Data Management Procedure

Right to Information Procedure

Use of Electronic Mail Procedure

User Experience Architecture Procedure

Related forms, publications and websites

Corporate Records

Defensible Process (restricted access)

Queensland State Archives

How to destroy records

Records Disaster Management Plan

Records Disposal Register

Records and Information Management Audit and Compliance Plan (restricted use)

Records and Information Management Framework

Definitions

Terms defined in the Definitions Dictionary

Accountable Officer

The person or entity accountable for the Policy or Procedure including development, implementation, monitoring and review. The Accountable Officer may nominate a Responsible Officer to manage this on their behalf....moreThe person or entity accountable for the Policy or Procedure including development, implementation, monitoring and review. The Accountable Officer may nominate a Responsible Officer to manage this on their behalf.

Employee

A person employed by the University and whose conditions of employment are covered by the USQ Enterprise Agreement and includes persons employed on a continuing, fixed term or casual basis. Employees also include senior Employees whose conditions of employment are covered by a written agreement or contract with the University....moreA person employed by the University and whose conditions of employment are covered by the USQ Enterprise Agreement and includes persons employed on a continuing, fixed term or casual basis. Employees also include senior Employees whose conditions of employment are covered by a written agreement or contract with the University.

Information

Any collection of data that is processed, analysed, interpreted, organised, classified or communicated in order to serve a useful purpose, present facts or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form....moreAny collection of data that is processed, analysed, interpreted, organised, classified or communicated in order to serve a useful purpose, present facts or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form.

Information Security

Concerned with the protection of Information from unauthorised use or accidental modification, loss or release....moreConcerned with the protection of Information from unauthorised use or accidental modification, loss or release.

Regulatory Compliance Instrument

An external compliance instrument provided by legislation, regulation, standards, statutes or rules, including subordinate instruments....moreAn external compliance instrument provided by legislation, regulation, standards, statutes or rules, including subordinate instruments.

Regulatory Compliance Obligation

An external obligation provided in Regulatory Compliance Instruments....moreAn external obligation provided in Regulatory Compliance Instruments.

Retention and Disposal Schedule

A legal document issued by the Queensland State Archivist to authorise the disposal of public records, including University Records....moreA legal document issued by the Queensland State Archivist to authorise the disposal of public records, including University Records.

Student

A person who: has been Admitted or Enrolled in an Academic Program at the University, but has not yet graduated from the program; or has been Enrolled in a Course at the University but has not yet completed the Course....moreA person who: has been Admitted or Enrolled in an Academic Program at the University, but has not yet graduated from the program; or has been Enrolled in a Course at the University but has not yet completed the Course.

University Members

Employees of the University whose conditions of employment are covered by the USQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; Members of the University Council and University Committees; Visiting and adjunct academic...moreEmployees of the University whose conditions of employment are covered by the USQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; Members of the University Council and University Committees; Visiting and adjunct academics; Volunteers who contribute to University activities or who act on behalf of the University; Individuals who are granted access to University facilities or who are engaged in providing services to the University, such as contractors and consultants, where applicable.

University Record

Any recorded information created or received that provides evidence of the decisions and activities of the University while undertaking its business. This is irrespective of the technology or medium used to generate, capture, manage, preserve and access those records....moreAny recorded information created or received that provides evidence of the decisions and activities of the University while undertaking its business. This is irrespective of the technology or medium used to generate, capture, manage, preserve and access those records.

Vice-Chancellor

The person bearing the title of Vice-Chancellor or as otherwise defined in the University of Southern Queensland Act 1998, including a person acting in that position....moreThe person bearing the title of Vice-Chancellor or as otherwise defined in the University of Southern Queensland Act 1998, including a person acting in that position.

Vital Records

Records that are essential for the ongoing business of the University, without which the University could not continue to function effectively or protect its Assets and interests. They are irreplaceable, or would require significant resources to recreate, and contain Information needed to re-establish the University in the event of a disaster and satisfy ongoing core business responsib...moreRecords that are essential for the ongoing business of the University, without which the University could not continue to function effectively or protect its Assets and interests. They are irreplaceable, or would require significant resources to recreate, and contain Information needed to re-establish the University in the event of a disaster and satisfy ongoing core business responsibilities. These include, but are not limited to, contracts, deeds, memoranda of understanding, licences, evidence of ownership of physical and intellectual property, and other records documenting the legal authority or rights of the University.

Definitions that relate to this procedure only

Appraisal (of records)

The process of business activity analysis to determine which records are to be created and captured and for how long they are to be retained.

Archival/Enduring

The ongoing usefulness or significance of records or artefacts, based on the evidential, administrative, financial, legal, informational and historical values that justify their permanent retention. These records or artefacts have enduring value to the agency, and therefore need to be kept indefinitely.

Defensible Process

A process that meets the requirements of the source records disposal authorisations, showing a considered approach has been developed and documented, and is auditable or usable as evidence to prove that all relevant conditions and requirements can be or have been met.

Information Lifecycle

Stage through which every (written or computerised) record goes through from its creation to its final archiving or destruction. These stages may include change of Format or recording media for easier access or more secure storage.

Physical Source Record

An original record that is tangible and takes up physical space (e.g. paper or microfilm).

Retention Period

The minimum period of time that records need to be kept before their final disposal as specified in an authorised Retention and Disposal Schedule.

Transitory and Short Term Value Records

As described in the General Retention and Disposal Schedule, records with a low or limited value required to be kept for a short period of time; i.e. until business use ceases.

Format

The physical form, medium or computer file format in which a record is maintained or Information is stored. For example, paper, electronic (including, but not limited to, emails, Microsoft word documents and Excel spreadsheets), microfilm, scanned images (PDF/A), audio-visual, photographs, maps and plans.

Keywords

Record No

16/1339PL

Complying with the law and observing Policy and Procedure is a condition of working and/or studying at the University.

* This file is available in Portable Document Format (PDF) which requires the use of Adobe Acrobat Reader. A free copy of Acrobat Reader may be obtained from Adobe. Users who are unable to access information in PDF should email policy@usq.edu.au to obtain this information in an alternative format.