Home
Policy Library
Records and Information Management Procedure

Records and Information Management Procedure

Procedure overview

1 Purpose
2 Scope
3 Procedure Overview
4 Procedures
5 References
6 Schedules
7 Procedure Information

1 Purpose

To establish processes to manage the University's records and Information management environment throughout the Information Lifecycle.

2 Scope

This procedure applies across the University and is supported by local processes.

3 Procedure Overview

This procedure outlines the responsibilities of University Members and provides processes to assist in the implementation of the Records and Information Management Policy.

This procedure aligns with:

Higher Education Standards Framework (Threshold Standards) 2021: Standard 7.3 Information Management

4 Procedures

4.1 Records and Information management

All Employees, contractors and consultants must make and keep full and accurate records of business activities (Public Records Act 2002).

All University Records and Information, with the exception of short term or transitory value records, must be captured in a compliant records management system or a University supported business system. The system(s) used should have regard for the Information Lifecycle and the minimum Retention Periods provided in the authorised Retention and Disposal Schedules.

University Records and Information should not be maintained (archived) in email folders, private accounts, personal drives or external storage media as these lack the necessary records management functionality.

The University is required by the relevant Regulatory Compliance Instruments to retain all records and Information for the minimum Retention Period specified in the authorised records Retention and Disposal Schedules issued by Queensland State Archives. The timely and authorised destruction of records and Information is essential for ongoing and effective management (refer to Section 4.9).

Ownership of all University business records (and Information) is vested in the University - refer to s. 9(1) of the Public Records Act 2002, unless otherwise agreed.

Under this procedure the University reserves the right to access any University business record or Information, created or received in the ordinary course of business, irrespective of its Format or storage location.

In the University's ongoing transition from a paper-based to digital recordkeeping environment, records born-digital should be managed-digital.

Enterprise Information Management Services maintains an extensive suite of local processes to assist and support Employees, contractors and consultants in the management of the University's records and Information (refer to Section 7).

4.2 Roles and responsibilities

The University and all Employees, contractors and consultants are required to comply with the provisions of the relevant Regulatory Compliance Instruments. The responsibilities of these roles are listed in the following table:

Table 1: Roles and responsibilities

Role	Responsibilities
Vice-Chancellor (as Chief Executive Officer)	Ensure the University makes and keeps full and accurate records of its activities according to the relevant Regulatory Compliance Instruments (Public Records Act 2002, s.7)
Manager (Enterprise Information Management)	Provides executive oversight of recordkeeping across the organisation, including leadership and strategic advice through the interpretation, carriage and management of the compliance regimes relating to records and Information management, Right to Information, Administrative Access Scheme and Legal Discovery (third party). Authorised to approve disposal of University Records as specified in relevant Regulatory Compliance Instruments.
Enterprise Information Management Services	Implements relevant Regulatory Compliance Instruments and provides appropriate records and Information management training, support and documented processes.
Managers/supervisors (organisational units)	Ensure Employees under their supervision are aware of their recordkeeping responsibilities and undertake training to ensure records are created and managed appropriately.
Employees, contractors and consultants	Personally responsible for the records and Information, created or received by them, in the performance of their duties and under their control, including the disposal of University Records and Information (refer Section 4.9).

Where possible, records and Information management requirements should be considered and embedded within University Policy Instruments by the Accountable Officer. Further advice can be provided by Enterprise Information Management Services.

4.3 Records and Information management training

All University Employees are able to access appropriate records and Information management training and support to the level of their individual responsibilities under this procedure (refer to Section 4.2).

Enterprise Information Management Services is responsible for the ongoing development, delivery and maintenance of appropriate records and Information management training and support programs, and other related resources for all University Employees.

For further Information regarding training and support refer to Section 7.

4.4 Records and Information Security

In accordance with relevant Regulatory Compliance Instruments (refer to Section 7) the University is required to maintain a robust records and Information Security environment.

There is an expectation that all University Employees, contractors and consultants who create, receive, use, store or access University Records and Information, including users of the University's records management system, will adhere to relevant University Policy (refer to Section 7) including, but not limited to, the management of confidential and sensitive Information, copyright, intellectual property and Information Security.

A number of University-supported business systems with varying levels of recordkeeping capability are available for the capture and management of University Records and Information.

4.5 Records and Information accessibility

Records and Information, created or received by the University are managed, maintained and made accessible for as long as required to meet accountability, legal, administrative, financial, research and community requirements and expectations.

University Records and Information need to be identified and retained in a useable form for a minimum period as specified in an authorised Retention and Disposal Schedule (refer to Section 4.10). Records and items of Archival/Enduring value may be eligible for transfer to the UniSQ Historical Archives. For further Information, contact the Manager (Enterprise Information Management).

Where required by Regulatory Compliance Instruments and business requirements, including senior management directive, access restrictions will be applied to selected records and Information to protect an individual's privacy or to protect the University's interests.

Information held by the University can be accessed by informal or formal request. Further information is available at Sections 4.6, 4.7 and 7 of this procedure.

4.6 Privacy

Access to Personal Information held by the University is restricted to individuals accessing their own Personal Information, authorised Employees having a business requirement or to third parties, as required by Regulatory Compliance Instruments.

Further Information concerning access to, or amendment of, personal Information is available from the University's website (refer to Section 7).

4.7 Right to Information

Right to Information requires, as the first option, proactive release of Information under discretionary administrative access arrangements. Should the University exercise its right to not disclose the requested Information under the administrative access process, a person has the right to access the Information, under the Right to Information Act 2009, subject to the limitations of the legislation.

Further Information concerning administrative access arrangements or Right to Information processes is available from the University's website (refer to Section 7).

4.8 Business Classification Scheme

The structure of the University's Business Classification Scheme is based on the functional activities of the University and is directly linked to the authorised Retention and Disposal Schedules (refer to Section 4.9). Embedded in the University's records management system, the Business Classification Scheme is reflected in the file titling structure and is accessible via the University's website (refer to Section 7).

4.9 Retention and disposal of records and Information

All University Employees, contractors and consultants are required to retain and dispose of University's records and Information in accordance with the Public Records Act 2002, and the relevant authorised Retention and Disposal Schedules (refer to Section 7).

All organisational units must use the relevant authorised Retention and Disposal Schedules for the purpose of Appraisal, retention and disposal of all University Records and Information, irrespective of Format and storage location. These authorities are readily accessible from the University's website (refer to Section 7).

Organisational units are encouraged to undertake, where possible, an annual cull of University Records and Information eligible for disposal; i.e. assessed as at the end of the Information Lifecycle.

All disposals of University Records and Information (with the exception of Transitory and Short Term Value Records), irrespective of Format and storage location, must be recorded in a Records Disposal Register (refer to Section 7).

The Records Disposal Register must be signed by the organisational unit manager and forwarded to the Manager (Enterprise Information Management) for final approval. This is a requirement of the relevant Regulatory Compliance Instruments (refer to Section 4.2).

The approved Records Disposal Register must be retained for audit, legal and other business needs in accordance with the authorised Retention and Disposal Schedules.

The University will ensure that a Certificate of Destruction is issued by the contracted service provider for each service. The provider will use secure confidential bins for collection, or an appropriate alternative by special arrangement with the Environmental Office.

Matters requiring interpretation of the relevant Retention and Disposal Schedules should be referred to Enterprise Information Management Services for investigation and advice.

4.10 Disaster recovery planning (hard copy records)

Enterprise Information Management Services is responsible for maintaining the UniSQ Records Disaster Management Plan which defines individual responsibilities for disaster management of physical records and Information, including Vital Records, held by or under the control of the University. Further Information is accessible from the University's website (refer to Section 7).

ICT Services is responsible for management of the electronic Disaster Recovery process.

4.11 Audit and compliance

To meet business needs and Regulatory Compliance Obligations the University will maintain a proactive Records and Information Management Audit and Compliance Plan (restricted use).

4.12 Digitisation and disposal of Physical Source Records

Physical Source Records that meet the requirements set out in the Regulatory Compliance Instruments and the current Retention and Disposal Schedule authority, are eligible for early destruction after scanning into a compliant records management system or a University supported business system (refer Section 4.1). A Defensible Process will be developed and maintained to demonstrate a considered approach to meeting conditions and requirements for Physical Source Record digitisation and disposal authorisation.

5 References

Griffith University. (2014). Records Management Policy. Retrieved December 15, 2023, from https://www.griffith.edu.au/__data/assets/pdf_file/0030/283791/Records-Management-Policy.pdf

Public Records Act 2002 (Qld) s. 9(1) (Austl).

University of the Sunshine Coast. (2015). Information and Records Management - Procedures. Retrieved December 15, 2023, from https://www.usc.edu.au/about/policies-and-procedures/information-and-records-management-procedures

6 Schedules

This procedure must be read in conjunction with its subordinate schedules as provided in the table below.

7 Procedure Information

Accountable Officer	Deputy Vice-Chancellor (Enterprise Services)
Responsible Officer	Deputy Vice-Chancellor (Enterprise Services)
Policy Type	University Procedure
Policy Suite	Records and Information Management Policy
Subordinate Schedules
Approved Date	12/12/2018
Effective Date	12/12/2018
Review Date	14/12/2028
Relevant Legislation	AS ISO 15489.1:2017 Electronic Transactions (Queensland) Act 2001 Evidence Act 1977 Financial Accountability Act 2009 Financial and Performance Management Standard 2019 General Retention and Disposal Schedule (GRDS) Higher Education Standards Framework (Threshold Standards) 2021 Information Privacy Act 2009 Information security policy (IS18:2018) Metadata management principles Private Email Use Policy Public Interest Disclosure Act 2010 Public Records Act 2002 Records governance policy Right to Information Act 2009 University Sector Retention and Disposal Schedule
Policy Exceptions	Policy Exceptions Register
Related Policies	Administrative Access Scheme Policy Code of Conduct Policy Enterprise Architecture Policy Enterprise Risk Management Policy Handling Personal Student Information Policy and Procedure Historical Archives Collection Policy ICT Information Management and Security Policy Intellectual Property Policy Privacy Policy Public Interest Disclosure Policy Right to Information Policy
Related Procedures	Administrative Access Scheme Procedure Commercialisation of Intellectual Property Procedure Engagement of Cloud Computing Services Procedure Information Asset and Security Classification Procedure Intellectual Property Procedure Research Data and Primary Materials Management Procedure Right to Information Procedure Use of Electronic Mail Procedure User Experience Architecture Procedure
Related forms, publications and websites	Enterprise Information Management Services Defensible Process (restricted access) Disposal advice for record managers Queensland State Archives Records Disaster Management Plan Records Disposal Register Records and Information Management Audit and Compliance Plan (restricted use) Records Compliance Framework
Definitions	Terms defined in the Definitions Dictionary
	Accountable Officer The person or entity accountable for the Policy or Procedure including development, implementation, monitoring and review. The Accountable Officer may nominate a Responsible Officer to manage this on their behalf....moreThe person or entity accountable for the Policy or Procedure including development, implementation, monitoring and review. The Accountable Officer may nominate a Responsible Officer to manage this on their behalf. Employee A person employed by the University and whose conditions of employment are covered by the Enterprise Agreement and includes persons employed on a continuing, fixed term or casual basis. Employees also include senior Employees whose conditions of employment are covered by a written agreement or contract with the University....moreA person employed by the University and whose conditions of employment are covered by the Enterprise Agreement and includes persons employed on a continuing, fixed term or casual basis. Employees also include senior Employees whose conditions of employment are covered by a written agreement or contract with the University. Information Any collection of data that is processed, analysed, interpreted, organised, classified or communicated in order to serve a useful purpose, present facts or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form....moreAny collection of data that is processed, analysed, interpreted, organised, classified or communicated in order to serve a useful purpose, present facts or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form. Information Security Concerned with the protection of Information from unauthorised use or accidental modification, loss or release....moreConcerned with the protection of Information from unauthorised use or accidental modification, loss or release. Policy Instrument A Policy Instrument refers to an instrument that is governed by the Policy framework. These include Policies, Procedures and Schedules....moreA Policy Instrument refers to an instrument that is governed by the Policy framework. These include Policies, Procedures and Schedules. Regulatory Compliance Instrument An external compliance instrument provided by legislation, regulation, standards, statutes or rules, including subordinate instruments....moreAn external compliance instrument provided by legislation, regulation, standards, statutes or rules, including subordinate instruments. Regulatory Compliance Obligation An external obligation provided in Regulatory Compliance Instruments....moreAn external obligation provided in Regulatory Compliance Instruments. Retention and Disposal Schedule A legal document issued by the Queensland State Archivist to authorise the disposal of public records, including University Records....moreA legal document issued by the Queensland State Archivist to authorise the disposal of public records, including University Records. Student A person who is enrolled in a UniSQ Upskill Course or who is admitted to an Award Program or Non-Award Program offered by the University and is: currently enrolled in one or more Courses or study units; or not currently enrolled but is on an approved Leave of Absence or whose admission has not been cancelled....moreA person who is enrolled in a UniSQ Upskill Course or who is admitted to an Award Program or Non-Award Program offered by the University and is: currently enrolled in one or more Courses or study units; or not currently enrolled but is on an approved Leave of Absence or whose admission has not been cancelled. University Members Persons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiti...morePersons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiting, honorary and adjunct appointees; volunteers who contribute to University activities or who act on behalf of the University; and individuals who are granted access to University facilities or who are engaged in providing services to the University, such as contractors or consultants, where applicable. University Record Any recorded information created or received that provides evidence of the decisions and activities of the University while undertaking its business. This is irrespective of the technology or medium used to generate, capture, manage, preserve and access those records....moreAny recorded information created or received that provides evidence of the decisions and activities of the University while undertaking its business. This is irrespective of the technology or medium used to generate, capture, manage, preserve and access those records. Vice-Chancellor The person bearing the title of Vice-Chancellor and President, or as otherwise defined in the University of Southern Queensland Act 1998, including a person acting in that position....moreThe person bearing the title of Vice-Chancellor and President, or as otherwise defined in the University of Southern Queensland Act 1998, including a person acting in that position. Vital Records Records that are essential for the ongoing business of the University, without which the University could not continue to function effectively or protect its Assets and interests. They are irreplaceable, or would require significant resources to recreate, and contain Information needed to re-establish the University in the event of a disaster and satisfy ongoing core business responsib...moreRecords that are essential for the ongoing business of the University, without which the University could not continue to function effectively or protect its Assets and interests. They are irreplaceable, or would require significant resources to recreate, and contain Information needed to re-establish the University in the event of a disaster and satisfy ongoing core business responsibilities. These include, but are not limited to, contracts, deeds, memoranda of understanding, licences, evidence of ownership of physical and intellectual property, and other records documenting the legal authority or rights of the University.
	Definitions that relate to this procedure only
	Appraisal (of records) The process of business activity analysis to determine which records are to be created and captured and for how long they are to be retained. Archival/Enduring The ongoing usefulness or significance of records or artefacts, based on the evidential, administrative, financial, legal, informational and historical values that justify their permanent retention. These records or artefacts have enduring value to the agency, and therefore need to be kept indefinitely. Defensible Process A process that meets the requirements of the source records disposal authorisations, showing a considered approach has been developed and documented, and is auditable or usable as evidence to prove that all relevant conditions and requirements can be or have been met. Information Lifecycle Stage through which every (written or computerised) record goes through from its creation to its final archiving or destruction. These stages may include change of Format or recording media for easier access or more secure storage. Physical Source Record An original record that is tangible and takes up physical space (e.g. paper or microfilm). Retention Period The minimum period of time that records need to be kept before their final disposal as specified in an authorised Retention and Disposal Schedule. Transitory and Short Term Value Records As described in the General Retention and Disposal Schedule, records with a low or limited value required to be kept for a short period of time; i.e. until business use ceases. Format The physical form, medium or computer file format in which a record is maintained or Information is stored. For example, paper, electronic (including, but not limited to, emails, Microsoft word documents and Excel spreadsheets), microfilm, scanned images (PDF/A), audio-visual, photographs, maps and plans.
Keywords
Record No	16/1339PL

Complying with the law and observing Policy and Procedure is a condition of working and/or studying at the University.

* This file is available in Portable Document Format (PDF) which requires the use of Adobe Acrobat Reader. A free copy of Acrobat Reader may be obtained from Adobe. Users who are unable to access information in PDF should email policy@usq.edu.au to obtain this information in an alternative format.

Study

Current Students

Research

Alumni

About