CMTEDD Records Management Plan - Authorisation



Records Management ProgramVersion 1.1October 2016Document controlPrepared forChief Minister, Treasury and Economic Development DirectorateACT Compulsory Third Party RegulatorGambling and Racing CommissionACT Construction Occupations RegistrarChief Inspector Scaffolding and LiftsClinical Waste ControllerCommissioner for ACT RevenueCommissioner for Fair TradingDirector of Territory Records Environment Protection AuthorityLifetime Care and Support CommissionerRegistrar GeneralRegistrar, ACT ArchitectsWork Safety CommissionerThe ACT Government Executive The ACT Public Sector Standards CommissionerDocument OwnerCMTEDD Records ManagerChief Minister, Treasury and Economic Development DirectorateFile NameCMTEDD Records Management ProgramVersion1.1StatusFinalRevisionThe Records Management Program is to be reviewed and updated in its entirely every five years (or more frequently following major change to business operations and/or priorities) as a part of Chief Minister, Treasury and Economic Development Directorate’s business planning process. Progressive review of sections will occur more frequently.RevisionDescriptionDateAuthor1.0FinalSeptember 2016CMTEDD Records ManagerReview and authorisationThis Records Management Program has been amended to reflect changes in the Standards, Whole of Government Thesaurus and Disposal Schedules.Kathy Leigh Director-GeneralChief Minister, Treasury and Economic Development DirectorateDateContents TOC \o "1-1" \h \z \u CMTEDD Records Management Plan - Authorisation PAGEREF _Toc446429143 \h 4Records Management Program PAGEREF _Toc446429144 \h 5Records, Information and Data Management Policy PAGEREF _Toc446429145 \h 8Records, Information and Data Management Procedures PAGEREF _Toc446429146 \h 15Record Procedure – What is a Record? - Making and capturing records PAGEREF _Toc446429147 \h 16Record Procedure – Official Recordkeeping Systems PAGEREF _Toc446429148 \h 18Record Procedure – Email as a Record PAGEREF _Toc446429149 \h 19Record Procedure – Managing Web Content as Records PAGEREF _Toc446429150 \h 21Record Procedure – Social Networking and Collaboration Applications and Recordkeeping PAGEREF _Toc446429151 \h 22Record Procedure – Storage, movement and security of records PAGEREF _Toc446429152 \h 24Record Procedure – Records Description PAGEREF _Toc446429153 \h 26Record Procedure – Preservation of records PAGEREF _Toc446429154 \h 27Record Procedure – Disposal of records PAGEREF _Toc446429155 \h 28Record Procedure – Public access and use PAGEREF _Toc446429156 \h 31Record Procedure – Program evaluation and review PAGEREF _Toc446429157 \h 33CMTEDD Records, Information and Data Architecture Register PAGEREF _Toc446429158 \h 34Data Architecture Register PAGEREF _Toc446429159 \h 34CMTEDD Records Management Plan - AuthorisationIn accordance with the Territory Records Act 2002, and as Director-General of Chief Minister, Treasury and Economic Development Directorate (CMTEDD), I:authorise this Records Management Programcertify that this Records Management Program addresses all elements contained within Section 16 of the Territory Records Act 2002certify that this Records Management Program meets all the requirements set out in the Standard for Records, Information and Data released by the Director of Territory Records.This Records Management Program (RMP) provides a framework to ensure records, information and data management requirements are met.The RMP applies to CMTEDD and the list of entities noted on the document control page. For the ease of reading, they are collectively referred in this RMP as the Directorate. I have received authorisation from the principal officers of the entities that they are adopting this Records Management Plan as theirs.For the ease of reading, reference to Director-General is collectively referred in this RMP as the principal-officers of the above stated entities.Please note that coverage of this program does not extend to the management of political records, data and information that may be kept and managed alongside ACT Government records.The records, information and data management framework includes:Territory Records Act 2002Standard for Records, Information and Data released by the Director of Territory RecordsOther applicable legislation, policies and administrative directions of the ACT GovernmentRecords Management Program (this document)Records, information and data management (Policy, Procedures, and Record, Information and Data Architecture RegisterI authorise the appropriate resourcing of this Records Management Program, which includes the:promulgation of this RMP and the associated framework to staff, volunteers, consultants, contractors and outsourced providersappropriate management of records, information and dataregular assessment of records, information and data management capabilitiesplanning for, and continual improvement of, records, information and data management capabilities.Kathy LeighDirector-GeneralChief Minister, Treasury and Economic Development DirectorateRecords Management ProgramIntroductionThe Territory Records Act 2002 obliges the Director-General, Chief Minister, Treasury and Economic Development Directorate (CMTEDD) to ensure that the organisation and its staff comply with the Territory Records Act 2002, which includes the development, approval and implementation of this Records Management pliance with the Territory Records Act 2002This Records Management Program addresses all elements set out in section 16 of the Territory Records Act 2002 and meets the requirements set out in the Standard for Records, Information and Data released by the Director of Territory Records.Responsible Senior ManagerThe Director Corporate Management is the Executive in charge of records, information and data management, including the implementation and regular review of this Records Management Program. A key responsibility includes ensuring all staff, volunteers, consultants, contractors and outsourced providers comply with the policy and procedures for records, information and data.Relationship with the Director of Territory RecordsThe Director of Territory Records oversees the administration of the Territory Records Act 2002, provides an advisory and compliance-monitoring service, may provide reports to the relevant Minister on records, information and data management capabilities, and issues notifiable instruments (standards) that relate to the management of records, information and data.Therefore, arrangements are in place to liaise with the Director of Territory Records for:examining the operations of the Records Management Program and compliance with the Territory Records Act 2002advising on the outsourcing of any aspect of records, information and data management responsibilitiesrequesting assistance, advice and training in relation to records, information and data managementreporting on compliance with the Territory Records Act 2002, the Records Management Program and records, information and data management capabilitiesresolving disputes regarding compliance with the Territory Records Act 2002 and the Records Management Program.Capability assessment and maturity development (Capability Principle)The Director-General CMTEDD, in association with the Director Corporate Management will report annually to the Director of Territory Records on its records, information and data management capabilities using the Compliance Checklist Tool provided by the Territory Records Office or as required by the Annual Report Directions.Annual plans are developed and implemented to build capability-maturity that can include improvement planning, communication and training.Creating and managing full and accurate records (Identify Principle)CMTEDD works with the Territory Records Office to develop Records Disposal Schedules that identify the records the directorate must create to make and keep full and accurate records of its activities. The directorate is committed to processes for identifying its records and their significance that are accountable, consistent, objective, comprehensive, contextualised and documented. Requirements to create records of the directorates activities are contained in standing operating procedures for its business activities, in business systems manuals and in the following specific procedures:Record Procedure - What is a Record? – Making and Capturing RecordsRecord Procedure - Official Recordkeeping SystemsRecord Procedure - Email as a RecordRecord Procedure - Managing Web Content as RecordsRecord Procedure - Social Networking and Collaboration Applications and RecordkeepingThe business systems in use in CMTEDD that create records are identified in the Records, Information and Data Architecture Register.Metadata management (Metadata Principle)CMTEDD complies with recordkeeping metadata standards endorsed by the Territory Records Office. The Directorate uses the Whole of Government Recordkeeping Thesaurus to classify its records, information and data according to the business functions and activities they represent. Requirements to capture metadata for the directorate’s records are contained in standing operating procedures for its business activities, in business systems manuals and in the following specific procedures:Record Procedure - Record DescriptionMetadata requirements for business systems that contain records have been identified in systems management plans and manuals, data dictionaries and other systems documentation. This includes arrangements for the ongoing preservation and management of recordkeeping metadata.Protecting records, information and data (Protect Principle)Arrangements are in place to protect records, information and data. This includes ensuring the continued access to records, information and data for as long as they are required to be kept in accordance with the Territory Records Act 2002 (as defined by records disposal authorities). This includes the identification of endorsed locations for records storage, both in hard copy and digital form.Arrangements are in place to protect records, information and data in the custody of volunteers, consultants, contractors and outsourced providers to ensure the assets are returned or managed in accordance with the Territory Records Act 2002.Additional arrangements are in place to protect records, information and data that may allow people to establish links with their Aboriginal or Torres Strait Islander heritage, and for records, information and data that are to be retained in perpetuity for cultural and historical purposes.Instructions to staff and others on how to protect CMTEDD’s records, information and data are contained in the following documents:Record Procedure - Storage, movement and security of recordsRecord Procedure - Preservation of recordsBusiness Continuity PlansRecords disposal arrangements (Retention Principle)The Records Disposal Schedules used by this Directorate are reviewed annually and published as part of the Director of Territory Records’ Annexed report to the Directorate’s Annual Report. Records many only be destroyed in accordance with one of the schedules or the directorates accepted normal administrative practice. Normal administrative practice for CMTEDD is defined in ‘Record Procedure - Disposal of Record’. The organisation’s arrangements for the authorisation of the disposal of records, information and data, and for their proper destruction, are contained in the following documents:Sentencing and Disposal - Fact SheetNotification of Destruction of Records - Form Public access to records, information and data, and access exemptions (Access Principle)Arrangements are in place to provide public access to records, information and data under the authority of the Territory Records Act 2002. These arrangements also allow for the exemption of certain information, data and record assets, and the regular review of the exemption (as defined by section 28 of the Territory Records Act 2002). The directorate’s arrangements for providing public access to records, information and data are contained in the following documents:Record Procedure - Public access and useImplementation, compliance and reportingArrangements are in place to implement this Records Management Program.To monitor compliance with the Records Management Program, performance measures for records, information and data management activities have been established and include:information, data and records are created or captured in a full and accurate way and in endorsed locationsinformation, data and records are appropriately managed for as long as requiredmetadata requirements are implementedcapability improvement measures are planned and implemented.Reports on records, information and data management activities are provided to the Senior Manager Corporate Management, Information Management and Business Support by the records manager and/or records management unit.Availability for public inspectionArrangements are in place to ensure this Records Management Program is available for inspection by the public free of charge.A modified version of this Records Management Program may be more appropriate for public inspection where elements refer to the:existence of documents affecting relations with the Commonwealth and the states, or affecting the enforcement of the lawprotection of public safety.Records, Information and Data Management PolicyPurposeThis policy, authorised by the Director-General, Chief Minister, Treasury and Economic Development Directorate, in association with the Director Corporate Management, forms part of the records, information and data management framework for the creation, capture and management of records, information and data.This policy, along with supporting procedures, business tools and systems, training and communication strategies are essential elements of the records, information and data management framework.ScopeThis policy applies to all staff, volunteers, consultants, contractors and outsourced providers.This policy applies to all aspects of organisational business, all records, information and data created during business transactions, and all business applications used to create or store records, information and data including emails, cloud-based solutions, business systems, databases and websites.Policy statementInformation, data and records are vital corporate assets and their management is the responsibility of all who work directly and indirectly for CMTEDD.This policy provides the basis for how CMTEDD and its employees can adhere to legislative and better-practice requirements for records, information and data, including what is outlined in:the Territory Records Act 2002CMTEDD’s Records Management Programthe Standard for Records, Information and Datavarious guidelines to implement the Standard for Records, Information and Datainternational standards.CMTEDD and its employees must make, keep and manage full and accurate records, information and data in a timely manner to support business needs, government accountability, legal and regulatory obligations, community expectations and historical purposes.CMTEDD is committed to the proper management of records, information and data as mandated by the Territory Records Act 2002 and will ensure records, information and data are retained for as long as required in a readily accessible form.This policy should be referenced within most organisational policies and procedures to ensure its application is widespread and consistent.Definition of records, information and data managementRecords are information created and kept, or received and kept, as evidence and information by a person in accordance with a legal obligation or in the course of conducting business. Records, information and data management covers, but is not limited to, the creation, keeping, protection, preservation, storage and disposal of, and access to, records of the rmation, data and records management processes may be applied by all full-time and part-time staff, volunteers, consultants, contractors and outsourced providers as part of their duties. Some processes are solely carried out by the records manager and/or records management unit.Responsibilities for records, information and data managementEvery employeeAll staff are responsible for the creation and management of records, information and data about the work they perform for the organisation. Additional responsibilities also exist for certain categories of staff as outlined below.Director-General, Chief Minister, Treasury and Economic DevelopmentThe Director-General is ultimately responsible for the management of records, information and data, has authorised this policy, promotes compliance with this policy, delegates responsibility for records, information and data management to Director Corporate Management and ensures the Records Management Program is adequately resourced.Director Corporate ManagementThe Director Corporate Management is responsible for the active support of, and adherence to, this policy by promoting a culture of compliant records, information and data management, and overseeing the development and currency of strategic documents such as the Records Management Program, Records Management Procedures, Records, Information and Data Architecture Register, and information management plans.CMTEDD Records manager The records manager and/or records management unit are responsible for implementing and monitoring legislative and better-practice requirements for records, information and data, including the Records Management Program, this policy and organisational capabilities. An important aspect includes the identification of records, information and data management requirements, and the development, implementation and support of records, information and data procedures.ICT professional staffICT staff, including shared service ICT staff, are responsible for maintaining the technology for business systems, including appropriate system accessibility, security and back-ups. ICT staff should ensure that any actions, such as removing data from systems or folders, are undertaken in accordance with this policy, particularly in terms of the retain principle (outlined below).Security advisorThe security advisor provides advice on security policy and guidelines associated with the management of records, information and data.Managers and supervisorsAll managers and supervisors are responsible for ensuring their staff, consultants, contractors and outsourced providers are aware of and follow their responsibilities for records, information and data management. This includes addressing records, information and data management during performance review discussions and when establishing job roles and contracts, and ensuring the Records, Information and Data Management Policy is followed. They should also advise the records manager and/or records management unit of any changes in the business environment, such as new areas of business or the planned de-commissioning and procurement of business systems.Volunteers, contractors, consultants and service providersVolunteers, contract staff, consultants and service providers must create and manage records in accordance with this policy and supporting rmation, data and records management principlesInformation, data and records must be managed according to the following principles:Strategy: records, information and data must be appropriately managed using this policy and the Records Management Program.Capability: the organisational capabilities to effectively manage records, information and data will be reviewed annually, reported to the Territory Records Office, and plans developed and implemented to build capability-maturity.Identify: the business requirements to create and capture records, information and data will be analysed and the records managed accordingly.Metadata: records, information and data will be deliberately controlled following metadata configuration guidelines for business systems controlling records, information and data. Staff using the systems will ensure accuracy in data entry or configuration.Protect: records, information and data must be protected for continued access and reliability in endorsed locations.Retention: records, information and data will be retained in appropriate locations for as long as required to support business use, community expectations, legal requirements, and, where appropriate, for historical purposes. Records, information and data will only be destroyed following approved processes. This includes actively ensuring inaccessibility does not inadvertently occur.Access: records, information and data must be managed in such a way that they can be found, accessed, used and re-used when appropriate.Refer to the Standard for Records, Information and Data and the associated various guidelines in applying these principles.Legislation and Standards All government organisations must comply with a range of laws related to the creation and capture of records, information and data.Some legislative requirements apply to the whole of the Directorate. For example, occupational health and safety legislation requires an organisation to keep certain types of records for prescribed periods of time. Other legislative requirements may apply only to a particular business unit or one of a number of business units.All business units are responsible for understanding and complying with the relevant standards and legislation governing its own recordkeeping requirements.Legislation and standards includes:Specific:Specific legislation applicable to CMTEDD can be found in the ACT Government’s Legislation Register. A hard copy of the relevant legislation can be made available on request.General:Territory Records Act 2002Freedom of Information Act 1989Evidence Act 2011Information Privacy Act 2014Health Records (Privacy and Access) 1997 Electronic Transactions Act 2001Public Sector Management Act 1994Financial Management Act 1996Work Health and Safety Act 2011Working with Vulnerable People (Background Checking) Act 2011International and Australian standards, Regulations etc:Standards and Regulations help guide the organisation in performing its functions. CMTEDD operates in line with numerous standards, regulation, schemes, notifications, directions, delegations, and memorandums that relate to the areas of responsibility of the following:Access to government informationACT Public ServiceAudit policyChief Digital OfficerCommunication and community engagementGovernment strategy and policyIntergovernmental relationsRegional developmentRegulatory reformSupport to CabinetAccess CanberraBuilding, utilities, land and lease regulationElectricity and natural gas, water and sewerage industry technical regulationEnvironment protection and water regulationFair trading and registration, inspection and regulatory services (including transport regulation and licensing)Occupational licensingPublic health protection and regulation (food services)Public unleased land regulation (permits)Racing and gaming regulationWorkSafe ACTACT Insurance AuthorityBorrowing, funds management and infrastructure financeBudget process and financial reportingConcessionsFiscal and economic policy including competitionGovernment business enterprisesInsurance policyRevenue OfficeShared services, including transactional services and ICT servicesTaxation and revenue policyCapital works and procurementDigital CanberraGovernment accommodation and property servicesInnovation, trade and investmentSkills and economic developmentArboretumTourism and events (including Territory venues)Infrastructure financeRacing and gaming policyACT Public Sector workers compensation improvementAsbestos (Coordinator-General)Private sector industrial relations and workers compensationWork safety policySport and recreationHigher education and researchState Training AuthorityVocational education and trainingHealthy Weight InitiativeArt and cultural policy and servicesSmall businessRecords management specific:AS ISO: 15489 – Standard on Records ManagementSA/SNZ TR ISO: 26122 – Work Process Analysis for RecordkeepingAS: 5044 – AGLS Metadata StandardAS/NZS 5478:2015 Recordkeeping Metadata Property Reference SetISO: 16175 – Principles and Functional Requirements for Records in Electronic Office Environments.Associated policiesA range of policies relevant to the management of records, information and data must be applied alongside this policy, including, but not limited to:ACT Government’s Code of ConductACT Government’s Code of EthicsACT Government’s Open Government PolicyACTPS Digital Records PolicyACT Government Social Media PolicyBusiness Continuity Management PolicyACT Government Protective Security Policy FrameworkACT Government Website PolicyCMTEDD Clean Desk PolicyCMTEED Protective Security PolicyCMTEDD Information Privacy Policy CMTEDD Digital StrategyAdministrative directions of governmentA range of government-wide administrative directions associated with the management of records, information and data must be applied alongside this policy, including, but not limited to:The ACT Government Cabinet HandbookPublic Interest Disclosure GuidelinesFreedom of Information Guidelines Disaster and Business Continuity Recovery PlansRisk Management Framework, Plan and RegistersFraud and Corruption Prevention Plans Internal Audit ProgramProtective Security GuidelinesEndorsed locationsOnly endorsed locations can be used to store records, information and data to ensure their appropriate management. For locations to be endorsed, they must be registered with the records manager and/or records management unit (forming part of the Records, Information and Data Architecture Register) to help ensure appropriate records management processes can be applied and, where appropriate, supported by the development of information management plans.Endorsed locations include:ElectronicObjectiveTRIM (only in areas where electronic document management has been established)Approved business applicationsPhysical Shared Services, Record Services, Building 7, 9 Sanford St Mitchellapproved commercial records storage providers eg Recall, Grace and Iron mountain workplaces that accommodate CMTEDD staff (excluding unoccupied out buildings)Locations that are not endorsed include:ElectronicTRIM (in areas where electronic document management has not been established)email accountsG, H, W, or C: drives or their equivalent portable devices e.g. USB flash drives, CDsSharePointunapproved business systemspersonal IT devices e.g. personal phone or PCPhysicalunoccupied out buildings self-storage facilities e.g. U-Stow-It locations not under the direct control of the Directorate e.g. personal residencesany other location that could reasonably be seen as representing a risk to physical records.Contact the records manager and/or records management unit for the endorsement of locations.OwnershipAll records, information and data generated by full-time and part-time staff, volunteers, consultants, contractors and outsourced providers as part of their duties are Territory records and belong to the ACT Government and not to individuals or companies.Procedures for records, information and data managementThis policy is supported by the Records, Information and Data Management Procedures and forms part of the broader records, information and data management framework.The procedures detail the way staff – including volunteers, contractors and consultants – in the organisation will create, capture, manage, care for, keep and access records, information and data.The records manager and/or records management unit are responsible for coordinating the development of procedures for these processes.Adherence to the requirements of the procedures is obligatory for all staff, volunteers, consultants and contractors to ensure legislative requirements are met.Feedback about this policyWhere there are questions or concerns regarding this policy, its application or how it relates to other polices or directives, contact: CMTEDD Records Manager HYPERLINK "mailto:CMTEDDCorporate@.au"CMTEDDCorporate@.auRecords, Information and Data Management ProceduresPurposeAll staff are responsible for the creation and management of records, information and data, and these procedures (and advices) will assist staff to meet their rmation, data and records management procedures form part of the records, information and data management framework, and are designed to complement the Records, Information and Data Management Policy.These procedures and advices aim (in conjunction with the Records, Information and Data Management Policy) to promote consistent and coherent processes and practices, and form part of the organisation’s normal administrative practices.The records manager and/or records management unit are responsible for coordinating the development and promulgation of these procedures and advices.ScopeThe procedures are designed to provide directions for records, information and data management for a range of processes undertaken by all staff, volunteers, consultants, contractors and outsourced providers as part of their duties.Some procedures are solely carried out by the records manager and/or records management unit while some should be followed by other business areas.ResponsibilitiesThe Director-General, Chief Minister, Treasury and Economic Development Directorate is ultimately responsible for the management of records, information and data, and has authorised the Records Management Program and the Records, Information and Data Management Policy under which these procedures have been developed.The Director Corporate Management is responsible for the active support of, and adherence to, the Records Management Program, the Records, Information and Data Management Policy, and the Records, Information and Data Management Procedures.ImplementationAll managers and supervisors have a responsibility to foster an environment that promotes good records, information and data management. Effective implementation requires managers and supervisors to monitor their staff, volunteers, consultants, contractors and outsourced providers to ensure they understand and apply relevant records, information and data management procedures.Review dateThese procedures are subject to regular updating by the records manager and/or records management unit.At a minimum, these procedures will be reviewed and updated at least every five years or as required (such as after significant administrative change).Record Procedure – What is a Record? - Making and capturing recordsWhat is a Record?AS/ISO Standard for Records Management 15489 defines a record as:Information created, received, and maintained as evidence and information by an agency or person, in pursuance of legal obligations or in the transaction of business. The Territory Records Act 2002 requires all agencies to make and keep full and accurate records of their business activities:To provide evidenceFor ongoing useTo allow public access to them consistent with the principles of the Freedom of Information Act 1989For the benefit of future generationsRecords need to be maintained in a manner that allows for accountability of the processes and decisions of government. They must also be a complete record, have content, context and structure, and accurately reflect what was communicated, decided or done. Records are a critical outcome of the business activities, regardless of format. Digital records are records that have been ‘born digital’ such digital photographs, videos and audio, websites, database entries, as well as analogue records that have been digitalised such as scanned version of paper records.Principles of full and accurate recordsComplete – in order to be understoodAdequate – for the purposes for which they are keptAccurate – with description and control mechanismsAuthentic – to show the business transactions they purport to representUsable – by being identifiable, retrievable, accessible and availableInviolate – with appropriate security requirementsCapturing RecordsMuch of the work of staff results automatically in the creation of a record (paper or electronic). To make the records adequate for the purpose of evidence they must be legible and dated and captured into the record keeping system.Where an individual performs an action that does not in itself generate a record (such as a conversation), they should decide whether a record needs to be made (e.g. will they have to account for that action later?). Notes of significant telephone conversations should be made at the time, dated and placed on file. Creating records in these circumstances has a significant cost benefit in terms of improved decision-making. Electronic messages (email and faxes) and web pages are records, too, and should be captured in the record keeping system.In cases where decisions are made as part of a process with established procedures and criteria, the records should clearly show that established criteria have been consistently applied. Where a decision maker departs from the norm, the reason for doing so should be documented.In some business processes, such as the development of reference documents and policies, draft of the same document may be retained to provide evidence of the process. Each draft may be a record valuable for future reference in its own right. In most cases drafts can be discarded once the final document has been developed. This is a risk-based decision dependant on the importance of the transaction.Further information:Records Advice No. 01 What is a record? Records Advice No. 03 Email as a Record Records Advice No. 05 Electronically created records Records Advice No. 53 Managing web content as recordsRecords Advice No. 56 The Recordkeeping Responsibilities of ACT Government EmployeesRecord Procedure – Official Recordkeeping SystemsThe directorate holds records in a range of formats, such as paper, digital records, microfilm, maps, plans, drawings, photographs, audio, video and handwritten documents. It operates with recordkeeping systems for paper-based and digital records. The directorate has two official digital recordkeeping systems – TRIM (RM8) and Objective. These are capable of maintaining and providing evidence of its business activities over time to satisfy the Directorate’s record keeping needs. The directorate also has paper-based recordkeeping systems (registered files), and a number of business systems that collect and maintain records.It is important to note that in relation to TRIM (RM8), only a small number of areas have been setup and authorised for use as an Electronic Document Management System, the other main use for TRIM (RM8) in the directorate is for tracking and workflow management. If your area has not been established in TRIM or Objective as an EDRMS you should ensure that records are captured in register paper-based files.There are a number of business systems across that directorate that collect information from and about our clients (records ‘born’ digital). The Digital Recordkeeping policy recognises that not all business systems need to be able to keep records, and that systems which are not official record keeping systems mentioned simply must have the capability of exporting records and their metadata to other systems which do comply and can appropriately manage them.Business areas which manage business systems should ensure that they liaise with the CMTEDD Records Manager about the retention of the records, information and data within the business system, including appropriate metadata.A list of business systems is included on the Directorate’s Records, Information and Data Architecture mon drives, such as g: and h: drive, email accounts and portable devices, are not official recordkeeping systems.It is also essential that records are not only identified and captured in an appropriate system, but they are also classified, stored appropriately and only destroyed as authorised. Reference should also be made to:The Whole of Government Thesaurus of Terms which assists in retrieval, classifying records, titling and indexing of recordsThe Whole of Government Records Disposal Schedules which ensures legal disposal of paper files and recordsRecord Procedure – Email as a RecordThis procedure reflect the TRO’s Records Advice No. 3 “Email as a Record” and is prepared to provide a guide to capturing emails and attachments as records as part of their normal business activities under the requirements of the Territory Records Act 2002. Email is an integral part of the official business communication of the ACT Government. Email sent or received that contains information about business activities can function as evidence. Therefore, email can be an official record of the ACT Government. There are two main types of email messages, these are: Records required for agency business: Transactions that provide evidence of business activities – for example, client records, personnel records, development of policy issues and records of the rights and obligations of the agency. These records, including any attached documents, must be captured into an agency’s recordkeeping system. Material of ephemeral value: Information messages that may have a business context but are not part of a business transaction – for example, notification of a meeting, personal or social messages. This material does not need to be captured into an agency’s recordkeeping system. In order to maintain their value as evidence, emails cannot be altered or manipulated, for as long as they are retained. They must also be a complete record, have content, context and structure, and accurately reflect what was communicated, decided or done. Content is the substance of the message, either in the body of the text or in an attachment to the message. Context includes all information about the circumstances in which the message is created, transmitted, maintained and used. Structure refers to the way the parts of the message relate to each other; for example the original message and its reply must appear as a “string” or the system needs to be able to provide both a contextual and structural view. The benefits gained by agencies from properly managing their emails include: Rapid and efficient access and retrieval of records for operational and legal requirements; Protection from loss or inadvertent destruction of agency records; The full and accurate documentation of business activities; Efficient management of disk space on networks; and Routine deletion of ephemera. Agencies should be alert to the business and security risks associated with electronic records. The unmanaged making, use and storage of emails can result in poor service delivery, accountability failures, loss of corporate memory and, over time, diminished cultural assets. Who keeps the record? Where the initiator of an email has access to the agency’s recordkeeping system, the initiator of the email and any attachments is responsible for capturing the records into the agency’s recordkeeping system. Wherever possible the initiator should link the email to the attachments and relevant file number to create the link to the agency’s recordkeeping system. Emails, including any attachments, received from outside of an agency are records of that agency, and must be captured as individual records into the agency’s recordkeeping system by the receiver in line with specific recordkeeping system procedures. The recipient of the message should make their own decisions as to whether they are involved in the business transaction of the message or whether they are only receiving a copy for interest. If the message is subsequently forwarded to other recipients, with added content, the message has become a new record and again needs to be captured into an agency’s recordkeeping system. Before any email is deleted from an agency’s email system a decision on whether or not it is a record needs to be made. When messages from IT system administrators are received asking for the deletion of emails to provide space on group drives it is the responsibility of individual officers to capture any emails and any attachments that are agency records into the agency recordkeeping system. Record Procedure – Managing Web Content as RecordsThis procedure reflect the TRO’s Records Advice No. 53 “Managing web content as records” and is prepared to ensure that information made available on ACT Government websites, webpages and the associated electronic transactions, are captured as an agency record. The publication of a webpage is a business transaction and is therefore subject to the agency Records Management Program. In order to be full and accurate, records must be authentic, reliable, complete, unaltered and useable; and the systems that support them must be able to protect their integrity over time. The documents that comprise the webpage can be captured in their native format. Static websites can be captured by periodic snapshots. Dynamically generated web resources in a fully functional state can be archived. The major issue for agency records managers is the need to choose whether to use an object-based or an event-based approach to keeping records of web resources and activities. That is, an agency needs to determine whether it wishes to focus on keeping records of the individual transactions between clients and servers, or the objects that comprise the content of the site at any given time. Webpage and website records must be: Captured into an identifiable recordkeeping system at the point of creation; Captured as full and accurate records and include all metadata and embedded links to other resources including documents (word processing, spreadsheets etc.), graphics, sound, music, video, images and animations that constitute part of the record; Accessible as provided for by the Territory Records Act 2002 and Freedom of Information Act 1989; Effectively stored, preserved and managed in an Electronic Records Management System (ERMS) and complies with Records Standard No. 6 – Digital records to ensure the records remain accessible, usable, reliable and authentic in accordance with recognised best practice information management practices for records and its metadata; Disposed of according to approved and valid records disposal schedules that are not based purely on its creation date, or a predesignated date of inactivity. Before an automatic or manual overwriting or deletion occurs, webpages are to be appraised and a determination made as to their value and any requirement for ongoing retention; and Supported by a records management regime including: a Records Management Program; relevant policies and appropriate procedures. Further information:Record Advice 26: ACT Government application of metadataRecord Procedure – Social Networking and Collaboration Applications and RecordkeepingThis procedure reflect the TRO’s Records Advice No. 55 "Social Networking and Collaboration Applications and Recordkeeping" and is prepared to ensure that social networking and collaboration applications on the Internet which are authorised for use by agencies as part of their normal business activities do not compromise ACT Government records or breach the Territory Records Act 2002.What Are Social Networking And Collaboration Applications? This records advice does not specify what each type of application does but concentrates on the recordkeeping implications arising from the use of the technologies. Broadly, types of social networking and collaboration applications are: blogs social bookmarking collaborative editing tools social networking systems instant messaging syndication and notification technologies media sharing services wikis Agencies should make decisions on what needs to be captured before using any social networking and collaboration applications. The best way of doing this is to conduct a functional analysis in accordance with the Territory Records Office Principle 3 – Assess. Appraisal analyses an agency’s legal and administrative requirements to ensure that comprehensive records of its activities are made, captured into recordkeeping systems and retained for as long as they are needed, either by the agency or the community generally. When deciding what records need to be kept agencies should consider: business requirements; legal and regulatory requirements cultural and heritage requirements Recordkeeping requirements for these records should be reflected in agency policies and procedures and business systems and processes should have the recordkeeping functionality to meet these requirements built in. Other Issues Using these applications can produce other issues that need to be considered. Confidentiality and Security Agencies should consider any confidentiality or security issues surrounding the use of these types of applications. Responsibilities and acceptable use policies and procedures should detail what is acceptable to post, publish or text, etc. and what is not. The use of online collaboration tools like Google Docs may not be appropriate for projects that may have commercial sensitivity or security implications. Copyright/Intellectual Property Rights Agencies should read and be aware of any terms and conditions for using these applications and sites as they sometimes contain conditions that assign content rights so that intellectual property placed on such sites may become the property of those sites. Policies and procedures for using these applications should, where appropriate, reflect the fact that their use implies ownership by the agency.Personal Use Agencies should ensure all staff is aware of the purpose of each application and that they use them accordingly, (e.g. collaboration applications should only be used for business purposes). Volatility The content of social networking and collaboration applications can change quite rapidly so agencies need to decide on set times to capture content. Agencies may also need to implement some form of technological ‘bridge’ to enable direct capture into a recordkeeping system of content from high risk sites or applications. Risk Assessment Agencies should conduct a risk assessment on using social networking and collaboration applications to assess recordkeeping risks that include security, integrity and accessibility of the records for the required length of time.Further information:Record Advice 71: Social Media and recordkeeping requirementsRecord Advice 72: Social Media recordkeeping strategyRecord Advice 73: Social Media recordkeeping approachesRecord Advice 74: Social Media recordkeeping scenariosRecord Advice 75: Instant messaging and recordkeeping considerationsRecord Procedure – Storage, movement and security of recordsLocation of recordsRecords should be stored in an endorsed and secure location. As well as our digital records, Directorate paper records are located at various workplaces, at Record Services (Mitchell) and at Recall, Iron Mountain and Grace. As a general rule, records should not be retained by individuals for longer than they need them for the purposes of current work.Finding recordsInformation is made about records as they are made, captured and received (metadata). Recordkeeping systems use this information to find records. It is usually accessible to staff in the form of indexes, registers, spreadsheets or other searchable metadata especially in TRIM (RM8), Objective and business systems.The access tools and finding aids available to help ascertain the existence of records or to locate records required for work are:searching electronic record keeping systems (HP Records Manager and Objective)sending a search request to Record Services (Shared Services, ACT Record Services) sending a search request to Recall, Iron Mountain and Grace for archived recordsHelp in finding and locating records is also available from the CMTEDD Records Manager.Access to recordsRecords are the directorate’s property and may contain a significant amount of confidential, financial, personal and private information. Because of this, access to records should be on the basis of the need to use them for authorised work. Browsing records out of curiosity is not permitted.Records should be handled and accessed in line with the CMTEDD Clean Desk Policy and the INFOSEC- Protective Security Education Guideline.Staff should also refer to the ‘need to know’ policy available on the staff intranet.Storage and Security Manager and supervisors must specify the level of security and protection to be given to records as well as how access to records will be managed over time. All records, regardless of format, need to be stored in an appropriate and secure environment. It is important that these points are considered from the time records are made. The level of security applied to records should reflect the value or sensitivity of the information contained in records.Security restricted records are those records whose unauthorised disclosure would damage security or individual privacy, give unfair commercial advantage or cause harm to an individual or organisation. Special attention should be given to the handling, storage, access and authorisation of such records. As a general rule, security restricted records must be appropriately marked, kept secure, not transmitted and not photocopied.Storage options need to involve an assessment of the characteristics of storage facilities and associated services, and the physical characteristics of the records as well as the operational environment and the information content of the records. Storage must protect the records from inappropriate access as well as damage.Records should be stored in an endorsed location and in line with the CMTEDD clean desk policy Further information:ACT Protective Security Policy and Guidelines 2009Records Advice No. 21 Security classification Cabinet documentsRecords Advice No. 22 Security classification of non-Cabinet documents Guideline No. 7 Physical Storage of Records CMTEDD Clean Desk PolicyCMTEDD Need-to Know FactsheetINFOSEC - Protective Security Education GuidelineMovement of recordsThe movement of paper records is another aspect of the record security and control. The methods chosen will vary with the types of systems used. The movement of paper records into and out the directorate is managed by records management staff and/or officers who have access to the relevant system.Contact should be made with the Records Manager prior to the return of records to off-site storage areas. This will allow for the appropriate transfer of the records and ensure that the current description and ownership of the records is current and accurate.Further information:Returning Bulk Files to Record ServicesSentencing and DisposalRecord Procedure – Records DescriptionWhole of Government Thesaurus of TermsThe Whole of Government Thesaurus of Terms is a controlled vocabulary of terms designed for the use of classifying, titling and indexing of records on creation.The Whole of Government Thesaurus of Terms incorporates 8 common functions along with other identified functions performed by the ACT Government have been developed following consultation with directorates and after consideration by the Territory Records Office (TRO) via a formal approval process. The terminology used in the Whole of Government Thesaurus is directly linked to the terminology used in the Whole of Government Records Disposal Schedules.The Whole of Government Thesaurus is mandated by the Territory Records Office for use by all ACT Government directorates and agencies as part of their classifying and titling of paper and electronic records.Further information:Whole of Government Thesaurus Guideline No. 3 Records Description and ControlTitling records – in recordkeeping systems The primary aim of titling a record is to be able:to assist in identifying recordsto act as an access point for usersto distinguish one record from another; andto enable searching based on words, phrases and numbers describing the record or file.Officers must construct file titles using the Whole of Government Thesaurus and commence with a function e.g. HUMAN RESOURCES followed by an activity relating to that function e.g. Remuneration and include a third level using free text or a subject descriptor or a combination of the two e.g. Attendance – Flex Time Sheets - Temporary Contractors July 2014. The completed file title would be for example HUMAN RESOURCES - Remuneration – Attendance – Flex Time Sheets - Temporary Contractors July 2015..The free text component of the title should be sufficient to differentiate it from other records. It should include a descriptor which defines the subject or topic content, a name for example, an organisation, an individual, or a project and a date for example 2 May 2014.Acronyms should not be included in file titles unless approved e.g. NSW QLD etc. It is recommended that names are fully expanded followed by acronym in parenthesis e.g. The Canberra Hospital (TCH).Record titles must be meaningful i.e. they must carry sufficient information to correctly understand the transaction that created and used them. Consider the next person who has to find information about a particular subject or topic.Record Procedure – Preservation of recordsThe prime strategies for preserving records are to ensure that all staff treat records carefully, to implement adequate storage standards and record handling practices, and to use archival quality material for records expected to have a long life. Preservation of electronic records requires strategies to migrate records to new systems in such a way that the records can be maintained as reliable, authentic evidence over time.Records that have deteriorated over time or suffered damage by use of through disastrous events may require specific conservation treatment by experts. Advice on suitable treatment and on the availability of experts is available through the Territory Records Office and Records Manager. Disaster prevention and recoveryDisaster planning and preparedness must include plans for the protection of records and for the recovery of records that suffer the effects of fire, flood, building damage for other disasters.Detailed recovery plans will be required and prepared for records that are considered to be at high risk and/or value. Arrangements for preserving records containing information that may allow people to establish links with their Aboriginal or Torres Strait Islander heritageSection 16(2)(i) of the Territory Records Act 2002 requires agencies for make arrangements for preserving records containing information that may allow people to establish links with their Aboriginal for Torres Strait Islander heritage. Section 17(1)9d) requires directorates to consult with the Territory Records Advisory Council about such arrangements before the Principal Officer approves the directorates Record Management Program.The ACT Government’s response to the Bringing Them Home report included a commitment to assist indigenous Australians to trace links to their families and communities. This requirement is to aid in the fulfilment of that commitment. A survey in 2001 of Aboriginal and Torres Strait Islander records in the custody of the ACT Government concluded that:“…. there is few records in the custody of the ACT Government that contain names or other details of any significant number of people indentified as Indigenous which would be of use in assisting family reunion.”It listed some such records and noted that individual records containing name and family information about Indigenous people that could potentially assist in family reunion may be discovered serendipitously from time to time. Local procedures must therefore include arrangements for preserving such records where they exist or are discovered. Business units are advised to contact the Records Manger to discuss any records that they may need to be preserved for such purposes.Further information:Records Advice No. 60 Managing Aboriginal and Torres Strait Islander Records Record Procedure – Disposal of recordsTerritory Records cannot be destroyed or otherwise disposed of without first being appraised. Territory Records Office Principle 3 - Assess details the requirements for appraisal of ernment records are an important source of information and evidence about the jurisdiction to which they relate. The ACT Government seeks to preserve Territory records for the benefit of all Australians. The appraisal process determines which records meet the criteria and should therefore be preserved and made accessible for research. Appraisal also examines accountability and business requirements in order to determine when records, which do not meet these criteria, have served their accountability and business purposes and can therefore responsibly be destroyed.Some Territory records will be retained and preserved as archives. These are records that document:significant policies and actions of the Territoryinteractions of government with the people and their environmentsocial, political, cultural and economic development of the Territory as it is influenced by government activity.Records Disposal Schedules that apply to the DirectorateRecords Disposal Schedules are a systematic and comprehensive listing of categories of records made and/or kept by the Directorate, which plans the life of those records from creation to ultimate disposal or use as Territory Archives. The Records Disposal Schedules document whether records should be retained or destroyed once they are no longer required to meet business needs, the requirements of agency accountability and community expectations. Retention periods set down the minimum periods only and the Directorate may keep records for longer periods if considered necessary for business requirements. The Records Disposal Schedules used by this Directorate are reviewed annually and published as part of the Director of Territory Records’ Annexed report to the Directorate’s Annual Report. In all cases a proper review should be undertaken with the assistance of the Records Manager prior to the completion of any disposal and includes the completion of a Request to Destroy Records application available on the staff intranet.Further information:Whole of Government Records Disposal Schedules Records Advice No. 42 Sentencing Legacy Records Records Advice No. 36 Destruction of ACT Government Records Normal Administrative Practice (NAP)NAP refers to common practices for destruction of ephemeral, duplicate or transitory material of no evidentiary or continuing value, which normally can be destroyed immediately or as soon as reference ceases. NAP is not intended to replace the use of approved Records Disposal Schedules, which are the authority for destruction of directorate records.Material that can normally be destroyed using NAP includes:working papers consisting of rough notes, calculations, diagrams etc, used for the preparation of recordsduplicates and copies of documents where the original is safely retained within the Directorate’s record keeping system – ensure this is the case before destroying the copydrafts where the contents have been reproduced in a final documentmodifications and updating of data as part of running established electronic software programs, where such processes do not result in the loss of data of continuing valuepublished materials used as reference only including pamphlets, leaflets and brochuresinformation from other organisations which is not essential to the Directorate’s functions personal paraphernalia such as initiations, tickets, brochures etc.Further information:Record Advice No 2 Normal Administrative Practice (NAP) Sentencing - Implementing the Whole of Government Records Disposal Schedules Records Disposal Schedules are applied to records by ‘sentencing’. Selecting the entry in the Records Disposal Schedule that applies to that record and allocating the appropriate retention period completes this procedure. By including disposal information at the time of making the files, many of the tasks involved with records disposal can be streamlined. Generally, it is most effective to require implementation at the time records are made as a responsibility for all staff that make or capture records. Implementing disposal action for older records will normally be the responsibility of Manager/Supervisors, with the assistance of administrative staff.Pre-self government recordsThere are several options for dealing with managing the appraisal for pre- self government records:We may elect to retain a pre-self government records (that made prior to 1989) in which case they do not need to be retrospectively appraised. These records are available for public access under s26 of the ACT unless they are covered by an approved exemption of the ACT.The records may also be appraised in accordance with Directorate’s Record Management procedure using approved Records Disposal Schedules. This should be done in consultation with the ACT Government Reference Archivist and the Records Manager.Authorised destruction of recordsAll staff must:only use the current approved Records Disposal Schedules and have a fully completed Request to Destroy Records application that authorises the destruction of recordsensure that they have received appropriate training or guidanceensure that the Records Disposal Schedule is correctly applied to records andensure that all sentencing decisions are recorded and retainede.Secure destructionRecords approved for destruction must be transported and disposed of securely. This means that the records should not be accessed during transit, they should be immediately taken from the vehicle and destroyed, and the information contained in the records should not be retrievable following destruction. Pulping is the preferred method of destruction for paper records, although shredding may be suitable for non-sensitive material. Records in other formats such as computer hard drives, film and video should be destroyed by appropriate methods. All destruction must take into account the ACT Government sustainability principles and all relevant Territory information technology and information security standards when destroying records. Further advice can be sought from the Records Manager.Record Procedure – Public access and usePublic access of Records The Territory Records Act 2002 provides for a general right of access to records to meet the obligations of government to “support accountability and democratic government and to enrich the community through a source of cultural and collective memory”.The public access provisions of the Territory Records Act 2002 came into effect from 1 July 2007. These provisions give the public a statutory right to access Territory Records that are more than 20 years old. The directorate has exemptions to the public access provisions under the provisions of the Freedom of Information Act 1989 in accordance with Section 28 of the Territory Records Act 2002. A full list of exempt documents can found here. Assistance to the publicUnder Section 27 of the Territory Records Act 2002, directorates are required to assist members of the public to make applications for access to records and must comply with any access request in a ‘reasonable time’. The timeless for these requests are:less than 30 days for standard requests no more than 90 days except for the most complex or large requests.The Territory Records office through Archives ACT manages, on behalf of the directorate, any public access requests. It is important to note that the directorate is still responsible for the completion of any decision making and record searches that may be required as result of that request.If asked to supply records in response to a request from the public Managers/Supervisors of the business unit should ensure that a thorough and complete search of relevant records is completed within appropriate time frames.Exemptions from access (Section 28)Under section 28 of the Territory Records Act 2002, directorates may apply to the Director of Territory Records to have records exempted from public access under a number of provisions set out in the Act. These provisions are from the Freedom of Information Act 1989 and relate to records:affecting relations with Commonwealth and Statesaffecting enforcement of law and protection of public safetyaffecting personal privacysubject to legal professional privilege ordisclosure of which would be in contempt of the Legislative Assembly or court.When such a declaration applies there is no entitlement to access the record under the provisions of the Territory Records Act 2002: however access may be permitted under the Freedom of Information Act 1989.The decision to exempt records from public access can be appealed through the provisions in the Freedom of Information Act 1989.Further information:Records Advice No. 11 How a Section 28 declaration is madeProvision for the regular review of records to which a declaration under Section 28 applies is necessary.Because the sensitivity of information decreases with time, records to which a Section 28 declaration applies need to be regularly reviewed to ensure that the reasons for seeking the declaration remain current. Any application for exemption may be reviewed annually by liaising with the Director of Territory Records about the declaration.Cabinet recordsSome records are already available for public access under the legislative arrangements. Part 3A of the Territory Records Act 2002 allows Cabinet records to be released for public access after 10 years.Record Procedure – Program evaluation and reviewPerformance measurement and evaluationThe Records Manager has responsibility for arranging periodic audits of all aspects of the Procedures to ensure compliance with the rules and practices outlined in them. This monitoring evaluates the performance of the Records Management Program to determine whether it is meeting corporate objectives and relevant standards.Performance measures include:regular audits of compliance with the records management program, against compliance with requirements of the Act and Standards, and against compliance with other external requirements affecting recordkeepinguse of protocols and procedures, including those in official recordkeeping systemsapplication of correct Functions, Activities and Disposal Schedules when records are createdformal program evaluations and operational auditsnumber of staff trained in records management processesnumber of records archivednumber of records identified for destruction, and those destroyedmeasuring the satisfaction of customers of records management servicesProvision for review of ProgramThe Records Manager has responsibility to review and replace or amend the Records Management Program on a rolling basis, so that the entire Program is fully reviewed at least every five years. The next completed review is scheduled for 2020.CMTEDD Records, Information and Data Architecture RegisterThis Records, Information and Data Architecture Register provides a high-level overview of the business systems used by an organisation and, where possible, outlines how records, information and data can be used, described and organised.This Records, Information and Data Architecture Register:has senior management endorsement for its intent, application and maintenanceidentifies the business processes supported by the organisation’s business systemsidentifies the value of the information, data or records and the minimum retention requirementsinforms preservation, migration and retention planning for business systemsis enterprise-wide, providing an organisational view across platforms and systemsshows any relationships between different business systems, including the duplication or reuse of datapromotes flexible, standards-based information sharing and re-rmation management planningThis Records, Information and Data Architecture Register provides a high-level overview of the business systems used by an organisation and, where possible, outlines how records, information and data can be used, described and organised.To augment this register, each business system should be supported by an information management plan developed in liaison with the identified business owner. An information management plan should:identify the owner of the business systemdescribe the purpose for business system (including an overview of the information, data or records)identify the relevant business classification scheme terms (function/activity)identify the relevant disposal class numberstate any system operating requirements (Windows, web-browser, and so on)provide the physical location of the server (Hume, for example)state the size of the data stored (gigabytes, for example)nominate the plan for continued retention and access to the records, information and data at the point of decommissioning the business system.Data Architecture Register A Data Architecture Register (Business Systems Register) will be developed as part our 2016 -17 action plan and will incorporate, at a minimum, details of the owner and business system name, the purpose and overview of the system, indicate if the records are vital, high risk or permanent and include business classification (function and activity), disposal class and the retention period of the contained records. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download