Governance

RECORDS MANAGEMENT POLICY

Date approved:

26 September 2006

Date Policy will take effect:

26 September 2006

Date of Next Review:

July 2015

Approved by:

University Council

Custodian title & e-mail address:

Senior Manager, Enterprise Content Management, Academic Registrar’s Division

rm-request@uow.edu.au

Author:

Senior Manager, Enterprise Content Management, Academic Registrar’s Division

Responsible Faculty/
Division & Unit:

Enterprise Content Management Unit, Academic Registrar’s Division

Supporting documents, procedures & forms of this policy:

UOW Records Disposal Register

UOW Metadata Standards

General Retention and Disposal Authorities

References & Legislation:

State Records Act 1998 (NSW)
Privacy and Personal Information Protection Act 1998

Health Records and Information Privacy Act 2002 (NSW)

Government Information (Public Access) Act 2009 (NSW)

Independent Commission Against Corruption Act 1988 (NSW)

Public Interest Disclosures Act 1994 (NSW)

University of Wollongong Act 1989 (NSW)
and the By Laws and Rules of the University
Privacy Policy

University Archives Policy

Business Continuity Management Policy

Standard on the Physical Storage of State Records (issued 2012)
Standard on Counter Disaster Strategies for Records and Recordkeeping Systems
(issued 2002)
Standard on Full and Accurate Records
(issued 2004)
Standard on Managing a Records Management Program
(issued 2004)

Standard on Digital Recordkeeping (issued 2008)
State Records NSW

Audience:

Public – accessible to anyone

Expiry Date of Policy

(if applicable):

Not applicable

Submit your feedback on this Policy document using the Policy Feedback Facility.

Contents

1 Purpose of Policy

  • 1. The University of Wollongong (UOW) is required to comply with the State Records Act 1998 (NSW) and the standards, policies and guidelines issued under it. Good record-keeping supports UOW’s business needs, compliance requirements under legislative frameworks, and the interests of stakeholders.
  • 2. UOW demonstrates compliance with the State Records Act 1998 (NSW) and other legislative requirements through implementing and maintaining good recordkeeping practices across all areas and functions of UOW, through UOW’s Records Management Program.
  • 3. The purpose of this Policy is to outline responsibilities and compliance controls regarding records management, with the objective of:
        • a. ensuring compliance with the State Records Act 1998 (NSW);
        • b. contributing towards the development of efficient and effective knowledge management at UOW;
        • c. ensuring that full and accurate records are created, captured and maintained for all UOW business activities; and
        • d. ensuring disposal of records are undertaken in a controlled and compliant manner.

2 Definitions

Word/Term

Definition

Archives

Records that have been selected for indefinite retention on the basis of their continuing value for legal, administrative, financial or historical purposes, but are no longer required for current use.

See the University Archives Policy

Business activities

Any action that contributes towards UOW’s decision-making process or service delivery, including all UOW’s functions, processes, activities and transactions.

Enterprise Content Management Unit (ECM)

Unit of Academic Registrar’s Division (ARD) responsible for maintaining and supporting the UOW Records Management Program.

Full and accurate record

A record that:

    • correctly reflects what was done, communicated or decided, and can be trusted as a true representation of the transactions or events which it documents;

    • is authentic, for example the record can be proven to be what it claims to be, to have been created or sent by the person claimed to have created or sent it, and to have been created or sent at the time claimed;

    • has integrity by virtue of being complete and protected against unauthorised access, alteration, deletion or loss; and

    • is usable by virtue of being understandable, complete, retrievable and available through time.

Indexed

The process of uploading and assigning metadata to a record.

Knowledge management

A multi-disciplined approach to achieving organisational objectives by making the best use of knowledge. Knowledge management focuses on processes such as creating, acquiring, sharing and preserving knowledge and corporate history, and the cultural and technical foundations that support them. The aim is to align knowledge processes with organisational objectives.

Managing records

Any action relating to the life cycle of a record, including the storage, assignment of metadata, retrieval, transfer, preservation, and eventual disposal of records.

Metadata

The information used to describe the context and structure of records and their management through time. The purpose of using metadata is to help users identify and retrieve relevant documents without having to read the actual document, to define who is allowed to access the document, to provide contextual information such as who created the document, and to define how long the document needs to be kept.

Metadata Standards

Record keeping metadata tools that instruct system users to enter records into the RMS with consistent and descriptive data entry in the information fields of the various functional areas of the system supporting easy retrieval.

Online Content Management Officer (Records)

A UOW employee whose responsibility is to administer the Records Management System and provide services to help UOW achieve:

    • efficient and effective records management that meets UOW’s business needs; and
    • compliance with the State Records Act 1998 (NSW).

Record

Records are a part of and result from business activities and provide evidence of those activities. Any document or other source of information compiled, recorded or stored in written form or on film, or by electronic process, or in any other manner or by any other means (State Records Act 1998 (NSW). Records may include, but are not limited to, any staff member’s paper based records, emails, or electronic documents stored at UOW or on UOW equipment. A record does not include personal and/or private documents that are not part of official UOW business records.

Records Disposal

Any method of removing records from the University’s control, such as archiving or destruction.

Records Management Program

The management framework, the people and the recordkeeping systems required to manage full and accurate records over time. It covers all records and recordkeeping systems and includes the identification and protection of records that may be required as State archives (see State Records Act 1998 (NSW).

Records Management System (RMS)

The University of Wollongong installation of Oracle Universal Records Management, or equivalent replacement system, under the control of the Enterprise Content Management Unit.

Units

All UOW faculties, divisions and units

UOW

The University of Wollongong

3 Application & Scope

  • 1. This Policy applies to all records of corporate value created during business activities at UOW, including, but not limited to, student records, research records, staff records, and financial records.
  • 2. This Policy applies to all business activities of UOW conducted within Australia.
  • 3. This Policy applies to records of business activities of UOW conducted outside Australia where such records come within the possession or control of UOW within Australia.
  • 4. This Policy applies to the creation, management, storage, retrieval and disposal of records by all UOW staff.
  • 5. UOW controlled entities must comply with the NSW State Records Act and the general retention and disposal authorities including GDA 23 – University records.
  • 6. This Policy replaces all previous Records Management Policies and takes precedence over local Records Management policies, guidelines and practices.

4 Policy Principles

  • 1. UOW is required to establish a Records Management Program that complies with the requirements of the State Records Act 1998 (NSW) and associated standards, policies and guidelines.
  • 2. This Records Management Program must be implemented in all Units across UOW to support the requirements of this Policy. Unit business activities may be subject to internal/external monitoring and auditing to ensure ongoing compliance.
  • 3. Record-keeping requirements should be embedded within UOW procedures and plans including any Quality Management Systems.

5 Record Creation

Defining Records

  • 1. The following examples can be applied when deciding if records created are of corporate value and need to be saved into the RMS.
  • 2. The record;
      • is written, received or used in the course of business dealings
      • approves or authorises actions
      • signifies a policy change or development
      • commits the organisation to an arrangement or business deal
      • contains advice or provides guidance for people inside or outside the organisation
      • requires an action
      • if an email, is the matter likely to be reviewed or audited

Creating Records

  • 3. Records must be created and indexed as close to the commencement of a business activity or issue as practicable. This will ensure a full and accurate record is captured and maintained within the RMS as soon as practical. This includes, but is not limited to, emails and documents generated electronically and verbal decisions and advice. Records are indexed using metadata as a tool to describe records, people and business activities in a suitable amount of detail to ensure;
        • a. better information accessibility
        • b. consistency, improved records management, and
        • c. greater accountability in business operations.
  • 4. Where records are not indexed into the RMS on creation they should be stored in accordance with the physical storage requirements outlined in this policy until they are entered electronically.
  • 5. To preserve the integrity of UOW’s records, no additions or alterations should be made to an existing record. If additions or alterations are required, a subsequent record should be created and added using the same metadata principles.

Electronic Record-keeping

  • 6. All electronic records within UOW should be stored within the RMS. The use of non-official electronic systems by Business Units to capture and manage records in an electronic format, must be approved by the Academic Registrar or approved delegate to ensure compliance with NSW state legislation requirements. If the business unit is unable to access an approved electronic records system, records should be managed in accordance within the physical storage requirements outlined in this policy.

Electronic mail (Email)

  • 7. Email correspondence is an official record where it is used to document business activity of UOW. If the matter in an email is likely to be reviewed or audited the record should be stored within the RMS including all previous threads and relevant attachments to ensure it is a full and accurate record.
  • 8. Storing emails within email folders on a UOW computer does not satisfy the Records Management Policy.

Business Systems and Databases

  • 9. Where Units purchase or develop business systems, record-keeping requirements should be considered and documented at the requirements/tender stage. The Enterprise Content Management Unit should be contacted for advice. ECM will consult ITS, reference the Standard on Digital Recordkeeping and liaise with the Unit.
  • 10. The Enterprise Content Management Unit should be notified of the existence of databases/systems that capture records not held in the RMS. Databases/systems that store records must have an official backup schedule, controlled access and be able to be audited.
  • 11. Where records are scheduled for system migration, the Enterprise Content Management unit should be advised and the process must be clearly managed and documented in line with NSW State Records requirements.

Ownership, Custody and Control of Records and Archives

  • 12. All records created by staff, or received by staff, in the course of UOW’s operations and activities, are owned by UOW unless otherwise specified under contract. Regardless of the ownership of records, any record created, accessed and or stored by UOW must be managed pursuant to this policy.
  • 13. Control of records assessed as being State Archives under the retention and disposal authorities issued under the State Records Act 1998 (NSW) will eventually transfer to State Records NSW.
  • 14. The custody of State archives will remain with the University Archives within the UOW Library in line with the distributed management agreement with State Records NSW. UOW will retain both custody and control of any other historical records assessed as having continuing value.
  • 15. Archives must be managed in compliance with the University Archives Policy.

6 Record Storage and Classification

Storage systems

  • 1. All UOW records must be stored within the RMS in accordance with the State Records Act 1998 (NSW) and related UOW policy documents.
  • 2. Where records are stored in systems other than the RMS the system owner must ensure the system satisfies NSW State Records Legislation and the Business Continuity Management Policy through appropriate backup and disaster recovery practices.

Records Databases and Systems

  • 3. Metadata assigned to records within the RMS must meet minimum standards issued under the State Records Act 1998 (NSW).
  • 4. Metadata requirements for UOW records are defined in UOW’s Metadata Standards.
  • 5. Database/System administrators are responsible for ensuring records that are not stored in the RMS have sufficient security and metadata assigned.

Record Security Assignment

  • 6. All UOW records must be allocated an appropriate security classification in the RMS system.
  • 7. Where records cannot be stored in the RMS the records must be secured by other means, either through password protection or locked filing cabinets with access procedures.
  • 8. All physical files must be stored in accordance with the physical storage requirements outlined in this policy.

Physical Storage locations and security

  • 9. Physical records must be stored in a secure area with access only provided to authorised staff.
  • 10. Where records are stored with an individual employee they should be made available to authorised users at all times.
  • 11. Current records should be stored with the Unit that is responsible for the records.
  • 12. Non-current records should be indexed into the RMS and destroyed or stored as archives in a suitable location.
  • 13. Records identified as State and UOW historical archives should be stored with the UOW Archives or stored in other secure areas in consultation with the UOW Archivist.
  • 14. No physical records are to be stored outside UOW controlled premises without approval from the Academic Registrar or approved delegate.

Legal Records

  • 15. Where UOW receives legal records of significance, such as deeds of ownership they must be lodged with the Senior Executive and stored in an appropriate location, with notice of the document and location provided to the Legal Services Unit. The physical copy of these records should not be destroyed post digitisation and must be retained by UOW in a secure location.

7 Access to Records

Security Classification

  • 1. Security Classification is assigned on entry into the RMS as follows:
        • a. A Public: This security classification is a default security classification and indicates that a file can be accessed by all UOW staff.
        • b. Business Unit: This security classification is assigned by a user on check-in and is determined by the relevant Business Units. A list of available workgroups and the approval delegation can be obtained from https://intranet.uow.edu.au/recordsmanagement/workgroups/index.html

Access to Records by UOW staff

  • 2. Staff should only access records for which they have a legitimate need in the capacity of their employment with UOW.
  • 3. Access to RMS security classifications requires approval from the relevant authority as outlined on the Records Management Intranet Site.
  • 4. Members of the Executive and Legal Services Unit are considered authorised users where access to specific records is required for the purpose of their roles.

Access to Records by external parties

  • 5. Access to records is not to be provided to parties external to UOW unless authorised by the Information Compliance Officer and permissible under a UOW directive, policy document or where required by law.
  • 6. Where a request to access a UOW document is made that is not covered by a UOW policy document the staff member should contact the Information Compliance Officer in the Legal Services Unit.
  • 7. Provision of original physical records should be avoided and where possible copies provided.

Access to Records via Subpoena or Warrant

  • 8. Access to records via subpoena or legal warrant is to be managed by the Legal Services Unit.
  • 9. If a subpoena or legal warrant addressed to UOW is received by a Faculty or Unit, it should immediately be referred to the Legal Services Unit.
  • 10. No information should be supplied in reply to the subpoena or legal warrant without the approval of Legal Services Unit.
  • 11. A destruction prohibition will apply to any information under request.

Access to Records via the Government Information (Public Access) Act (GIPA Act)

  • 12. Access to records via application under GIPA legislation is managed by UOW’s Information Compliance Office within the Legal Services Unit.
  • 13. Any requests for information under the GIPA legislation should be directed to the Legal Services Unit.

8 Disposal of Records

Temporary Records Retention

  • 1. Records must be retained for the minimum retention timeframe as specified in the general retention and disposal authorities issued under the State Records Act 1998 (NSW).
  • 2. Any additional retention requirements specified or implied in other legislation must also be satisfied.
  • 3. Additional retention timeframes may apply to satisfy UOW’s administrative, legal or financial needs. The Enterprise Content Management Unit must be advised of these decisions by the provision of a statement by the relevant Dean of Faculty/Director of Division/Director, Library Services that justifies longer retention taking into account storage issues as well as any related privacy issues.

Archives

  • 4. Decisions relating to the permanent retention of records as State archives will be based on an appraisal of the records in line with relevant general retention and disposal authorities issued under the State Records Act 1998 (NSW).
  • 5. Decisions relating to the permanent retention of other records as UOW historical archives will be based on an appraisal of the records in line with the University Archives Policy and other relevant policies and guidelines and assessment of their continuing value to UOW.
  • 6. Decisions pertaining to archival records should be directed to the UOW Archivist.

Record Disposal

  • 7. Records of UOW will be disposed of according to the destruction schedules in the State Records Act 1998 (NSW) summarised in GDA-23 University Records.
  • 8. The Enterprise Content Management Unit is responsible for the destruction of records or referral of records to the UOW Archivist.
  • 9. No records are to be disposed of without authorisation of the responsible Business Unit, and the Academic Registrar (or the Academic Registrar’s delegate).
  • 10. Completion and approval by Dean of Faculty/Director of Division/Director, Library Services of a UOW Records Disposal Register.
  • 11. Records documenting disposal activities must be retained within the RMS.
  • 12. Any records that relate to anticipated or current litigation or an anticipated or current request for access must be retained, regardless of any destruction schedule or approved disposal process. The relevant unit or faculty must notify the Enterprise Content Management Unit as soon as it is aware that records may be or are required, and the records will be removed from any destruction or disposal process. Those records may only be returned to a destruction or disposal process with the written approval of the Director Legal Services.
  • 13. Where the responsible Business Unit or parent Faculty cannot be identified, or has ceased to exist, the relevant member of the Senior Executive will be considered the “responsible Business Unit” for the purposes of disposal authorisation. Where this cannot be determined, the role will default to the Academic Registrar (or the Academic Registrar’s delegate).
  • 14. Disposal of all records, electronic and physical, must be undertaken in a secure manner in accordance with the State Records Destruction of Records Guideline.

9 Roles & Responsibilities

Academic Registrar (or Academic Registrar’s Delegate)

  • 1. The Academic Registrar (or Academic Registrar’s Delegate) has a responsibility to:
        • a. Implement and support a culture of strong records management compliance throughout UOW; and
        • b. Provide final authorisation of record disposal through the approval of the UOW Records Disposal Register.

Dean of Faculty/Director of Division/Director, Library Services

  • 2. The Dean of Faculty/Director of Division/Director, Library Services have a responsibility to:

Enterprise Content Management (ECM)

  • 3. Enterprise Content Management (ECM) has a responsibility to coordinate and maintain UOW’s Records Management Program, including:
        • a. management of the UOW Records Management System;
        • b. develop and review recordkeeping policies and associated procedures and standards;
        • c. provide recordkeeping training and education programs;
        • d. provide advice on recordkeeping practices and issues as part of an advisory service to Business Units across UOW;
        • e. provide advice and authorisation of record disposal activities in accordance with Retention and Disposal Authorities issued under the State Records Act 1998 (NSW); and
        • f. monitor the performance of Business Units against procedures and standards.

Faculties and Schools, Divisions and Units

  • 4. Faculties and Schools, Divisions and Units have a responsibility to:
        • a. ensure that they have implemented the requirements of the Records Management Program across their Business Units;
        • b. comply with UOW recordkeeping procedures;
        • c. ensure sustainability of their records management systems, and
        • d. manage their records from creation to local disposal.
  • 5. The following Records Contact roles should be appropriately delegated:
        • a. A Primary Records Contact is a Faculty or Unit representative and is point of contact for ECM in relation to Faculty-wide or Unit-wide record-keeping activities and issues.
        • b. The Secondary Records Contact is a senior officer delegated responsibility at a school or department level for record-keeping within that individual Unit. This staff member is the main contact for internal staff and is a contact point with ECM for specific unit level activities.
        • c. Local Records Contacts are staff members delegated responsibility at a Business Unit level for day-to-day record-keeping activities, such as record creation and classification. The Local Records Contacts should also be responsible for organising disposal activities.
  • 6. ECM must be informed when Record Contacts change. Training for new Records Contacts and refresher sessions can be organised through ECM. Where a restructure occurs, ECM should be consulted as soon as practical to plan and facilitate the transition of records between Business Units, as well as liaise regarding the transfer of relevant historical records to the UOW Archives as required.

UOW Staff

  • 7. All UOW staff have a responsibility to be aware of and comply with the Records Management Program and their responsibilities under it. This includes attending training or completing online training as required by UOW.
  • 8. Staff are responsible for ensuring that records supporting and documenting their business activities are created and captured in line with the provisions of this Policy and record-keeping procedures.
  • 9. Staff must also be aware of and comply with data protection principles, privacy, and confidentiality requirements specified in relevant legislation and UOW’s Code of Conduct.

10 Version Control and Change History

Version Control

Release Date

Author/Reviewer

Approved By

Amendment

1

26 September 2006

 

Administrative Committee

Entire policy redrafted to improve structure and ensure that compliance controls were explicitly outlined.

2

6 May 2009

 

Vice-Principal (Administration)

Migrated to UOW Policy Template as per Policy Directory Refresh.

3

18 February 2010

 

Vice-Principal (Administration)

Policy reviewed and minor editorial corrections made. Policy Custodian changed. New Review Date identified.

4

22 July 2012

Academic Registrar

Administrative Committee

Complete redraft to provide clarity in UOW Records Management Program requirements.

5

4 November 2013

 

Chief Administrative Officer

Updated to reflect title change from University Librarian to Director, Library Services.

Last reviewed: 26 September, 2014