Recordkeeping (IS40)

Policy

Public authorities are required to make 'full and accurate records' of their activities in accordance with the Public Records Act 2002 (the Act). This Information Standard, managed and administered by Queensland State Archives, helps public authorities meet their recordkeeping obligations under the Act.

Recordkeeping practice should be a systematic part of the essential business activities of all public authorities. This enables records to be identified, captured and retained in an accessible and useable format, preserving their evidential integrity for as long as they are required. This Information Standard aims to foster continual improvement in recordkeeping practice across the Queensland public sector. The principles in this Information Standard underpin the principles of Information Standard 31: Retention and Disposal of Public Records.

Definitions for terms used in this Information Standard can be found in the Glossary of Archival and Recordkeeping Terms on the Queensland State Archives’ website.

Policy

Public authorities must ensure that their recordkeeping systems, including policies, procedures and business systems that hold records, comply with legal, administrative, cultural and business recordkeeping requirements. This will assist in ensuring that full and accurate records of Government business activities are adequately documented, preserved and made accessible.  There are seven mandatory principles in this Information Standard which are:

  • Principle 1: Public authority recordkeeping must be compliant and accountable
  • Principle 2: Recordkeeping must be monitored and audited for compliance
  • Principle 3: Recordkeeping activity must be assigned and implemented
  • Principle 4: Recordkeeping must be managed
  • Principle 5: Recordkeeping systems must be reliable and secure
  • Principle 6: Recordkeeping must be systematic and comprehensive
  • Principle 7: Full and accurate records must be made and kept for as long as they are required for business, legislative,  accountability and cultural purposes.

Scope

This Information Standard relates to the recordkeeping domain in the Information Policy Framework of the Queensland Government Enterprise Architecture (QGEA).  It applies to public authorities as defined in the Public Records Act 2002.

This policy is applicable across all technological, administrative and service delivery environments in which Government business is conducted. It encompasses:

  • records in all formats, including electronic and other technologically-dependent formats such as audio-visual
  • all public authorities, as defined under the Public Records Act 2002
  • business activities including all forms of Government, organisational and community activity undertaken by public authorities, and
  • outsourced Government functions and activities, such as those delivered under contractual arrangements by 
    –      shared service providers
    –      contractors
    –      funded non-government organisations, and 
    – Public Private Partnerships.

Issue and review

This Information Standard is issued under the authority of the State Archivist in s.25 of the Public Records Act 2002It is published within the QGEA and is managed by the Queensland Government Chief Information Office (QGCIO).

It was developed by Queensland State Archives and approved by the Director-General, Department of Public Works on 30 June 2009.  This version of the Information Standard includes elements of Information Standard 41: Managing Technology-Dependent Records which was repealed on 30 June 2009.

This QGEA Information Standard will be reviewed periodically. The next review date is June 2012.

Implementation

The authority for implementation of mandatory principles for this Information Standard is primarily derived from the Public Records Act 2002.

This Standard was first issued in mid 2001. Full implementation of Information Standard 40 was to be achieved by December 2006 for State Government Departments and Local Governments and by December 2007 for Statutory Entities and Government Owned Corporations. Those agencies which are not yet fully compliant should continue to work towards attaining and maintaining recordkeeping compliance. Public authority structures and functions may be subject to change, and compliance with recordkeeping standards should be assessed if such changes occur. Information management reforms, such as those progressed through the legislation around information privacy and the Right to Information, provide additional impetus for the regular review of recordkeeping.

Guideline for Recordkeeping provides an introduction to recordkeeping and supports this Information Standard. Detailed policy advice is published by Queensland State Archives on a range of specific topics related to recordkeeping.

Queensland State Archives publishes a whole-of-Government Recordkeeping Policy Framework which identifies the key policies, advice, guidelines and tools relevant to Queensland public authorities.

Mandatory principles

Principle 1 - Public authority recordkeeping must be compliant and accountable

Public authorities must comply with public records legislation and other legal and administrative requirements for managing records within the areas in which they operate.  At a minimum, public authorities must:

  • Document the business, administrative and legal environment in which they operate, and identify the records which need to be created and managed within those contexts
  • Implement a strategic approach to recordkeeping that is endorsed by the agency's Chief Executive.

Implementation advice

Legislative and regulatory obligations

Recordkeeping in the Queensland public sector is governed by the Public Records Act 2002Under the Public Records Act 2002, a public authority’s Chief Executive is responsible for ensuring the public authority abides by the recordkeeping provisions of the Act.

Public authorities are responsible for determining what additional legislation and regulations apply to their organisations. If recordkeeping requirements are specified within those legislative and regulatory obligations, they must be carried out in accordance with the prescribed provisions.

Public authorities may also need to comply with the Financial and Performance Management Standard 2009 and other Information Standards when considering the management of records. Some examples of legislation and regulations relating directly to public recordkeeping in Queensland are listed below.

Strategic approach to recordkeeping

Strategic recordkeeping plans assist public authorities to identify the overall direction, purpose and intent of recordkeeping. It is a requirement that these plans be endorsed by the Chief Executive of the public authority. Queensland State Archives has developed templates and an accompanying workbook to assist in the development of strategic recordkeeping plans. Public authorities can also choose to use alternative planning processes to identify, implement and evaluate their strategic approach to recordkeeping.

Principle 2 - Recordkeeping must be monitored and audited for compliance

Recordkeeping systems, procedures and practices must be periodically monitored, evaluated and revised to ensure compliance with cultural, business, legislative and accountability requirements.   At a minimum, public authorities must:

  • Incorporate an assessment of recordkeeping compliance and performance into internal audit and/or business improvement process reviews
  • Act upon any compliance issues identified by reviews or audit processes to improve records management within the agency

Implementation advice

To monitor and measure recordkeeping effectively, it is essential that practices, systems and procedures are assessed and reviewed regularly. There is value in articulating key performance indicators related to recordkeeping, and monitoring against these on a regular basis to allow for to ensure that:

  • Any deviations from policies, standards and procedures and external recordkeeping requirements are identified and documented.
  • Policies and practices continue to be relevant to the business needs and operating environment of the public authority and its staff.
  • Action can be taken to continually improve the reliability, accuracy and integrity of records as evidence of business activities and decisions.

Queensland State Archives has published a Recordkeeping Maturity Model and Roadmap which public authorities can use to monitor current recordkeeping performance, set appropriate and relevant targets and develop plans for action.

Principle 3 - Recordkeeping activity must be assigned and implemented

Recordkeeping activities are essential business functions that must be assigned and implemented through responsible management by individuals and systems.  Making and keeping public records is a responsibility of all those involved in the conduct of Government business, including contract staff.  At a minimum, public authorities must:

  • Formally assign responsibility for recordkeeping activities to those conducting Government business
  • Communicate roles and responsibilities for records management across the organisation

Implementation advice

Recordkeeping activities, including those related to electronic records, must be formally assigned by the Chief Executive of the public authority to all staff. These responsibilities must be implemented when conducting Government business, and this applies to permanent, temporary, casual and contract staff.

Staff must also be aware of their responsibilities to ensure the creation and capture of records relating to their work. Especially in the electronic environment, this activity is necessarily devolved to end users – for example, in the case of emails that are public records, only the sender and recipient know of its existence and therefore must take responsibility for its capture.

Recordkeeping training, appropriate to the nature and extent of their responsibilities should be provided to staff across the organisation. This may range from induction processes to formal recordkeeping qualifications.

Responsibilities may be assigned in a number of ways including through policy statements, formal delegations, position descriptions and performance reviews.

Principle 4 - Recordkeeping must be managed

Recordkeeping must be managed through an identifiable recordkeeping program that includes records in all formats; and be administered by appropriately skilled staff.  At a minimum, public authorities must:

  • Assign responsibility for recordkeeping to an appropriately skilled manager or senior administrative officer
  • Implement an identifiable records management program with documented policies, procedures and business rules

Implementation advice

Public authorities must have documented recordkeeping policies, procedures and business rules. These should cover all areas of a public authority’s business including dedicated recordkeeping systems and business information systems functioning as recordkeeping systems. The management of all technology-dependent records must be integrated within each public authority’s operational recordkeeping program. Recordkeeping must be managed and administered by personnel with the appropriate level of skill and knowledge, recognising that this will vary dependent on the size and scope of the organisation.  This Principle relates to the translation of the strategic direction established through Principle 1 into a functioning operational model for the organisation.

Principle 5 - Recordkeeping systems must be reliable and secure

All systems that are used to create and maintain records must work reliably and be secure to ensure that records are credible and authoritative regardless of format.  At a minimum, public authorities must:

  • Implement recordkeeping systems which are secure from unauthorised access, damage and misuse

Implementation advice

Records must be protected from tampering, unauthorised alteration, and from accidental or intended damage or destruction. The facilities, materials and methods for keeping records must support their preservation for as required under an approved Retention and Disposal Schedule. Recordkeeping systems includes the procedures and work practices which support the system.  Protection can include the physical security of premises, security settings of systems, the selection of appropriate materials and systems, and procedures that hinder loss or unauthorised alteration.

In partnership with records management staff, public authorities should develop, implement and monitor:

  • recordkeeping systems
  • records back up plans
  • disaster preparedness and recovery strategies and processes, and
  • records migration strategies.

Each public authority needs to have in place a vital records program and disaster preparedness and recovery program. This will ensure that in the event of a disaster each public authority’s vital records receive the highest salvage priority and business operations may be re-established as soon as possible.

Principle 6 - Recordkeeping must be systematic and comprehensive

The creation, storage and maintenance of records must be implemented systematically and comprehensively.  All systems (both manual and electronic), that create and maintain records must be supported by accurately documented recordkeeping policies and assigned responsibilities.  At a minimum, public authorities must:

  • Implement processes to ensure records are created, stored and maintained systematically
  • Ensure records document the complete range of business undertaken by a public authority

Implementation advice

All records, regardless of format and the technological environment in which they are generated, must be captured, stored and maintained in identifiable systems with applicable recordkeeping procedures and business rules. Such systems do not have to be dedicated recordkeeping systems. They may be business information systems that have appropriate recordkeeping functionality. These systems may be centralised or decentralised. A recordkeeping system should have accurately documented policies, assigned responsibilities and formal methodologies for its management. Alternatively, business systems may be able to interface with a public authority’s existing electronic recordkeeping systems to meet recordkeeping requirements. Queensland State Archives publishes advice on recordkeeping in business systems.

Records need to document the complete range of business undertaken by a public authority. Recordkeeping must occur in all technological environments in which the public authority carries out its business. Public authorities should ensure that the operations of outsourced or contracted functions are documented adequately to satisfy the recordkeeping requirements to which the public authority is subject.

Principle 7 - Full and accurate records must be made and kept for as long as they are required for business, legislative, accountability and cultural purposes

Full and accurate records are a combination of processes (such as the creation and capture of records) and essential attributes of records (such as being meaningful, inviolate and complete) which combine to provide necessary accountability.  They must be made and kept for as long as they are required for business, legislative, accountability and cultural purposes.  Full and accurate records are:

* created                            * adequate                              * authentic 
* captured                          * complete                               * inviolate 
* retained                           * meaningful                             * accessible, and 
* preserved                         * accurate                               * useable.

Special consideration needs to be given to electronic and technology-dependent records to ensure they are managed as full and accurate records.  This will support their evidential integrity, accessibility and useability for as long as they are required to be retained.  Any amendment or augmentation of electronic records must be made without affecting the evidential integrity of the record.  Disposal of records is covered in Information Standard 31:  Retention and Disposal of Public Records.  At a minimum, public authorities must:

  • Classify records in accordance with a Business Classification Scheme based on an analysis of the public authority's functions and activities
  • Manage the retention and disposal of records in accordance with Information Standard 31: Retention and Disposal of Public Records
  • Capture minimum recordkeeping metadata for all records in accordance with the Queensland Recordkeeping Metadata Standard

Implementation advice

A corporate Business Classification Scheme and a Retention and Disposal Schedule are key tools for making and keeping full and accurate records to support recordkeeping requirements such as efficiency, accountability and legal compliance.

Records must be retained for as long as they are needed to meet business needs, the requirements of organisational accountability and community expectations. The length of time for which a record must be retained is determined by the business activity it documents and any associated evidence requirements. These requirements must be identified systematically through an appraisal process. For more information, see Information Standard 31: Retention and Disposal of Public Records.

The creation and management of appropriate recordkeeping metadata is essential to support the characteristics of full and accurate records.  Recordkeeping metadata is structured or semi-structured information that enables the creation, management and use of records through time and across domains. Recordkeeping metadata can be used to identify, authenticate and contextualise records; and the people, processes and systems that create, manage, maintain and use them. In addition to metadata that is captured at the time of a record’s creation (such as date, title and author), recordkeeping metadata continues to accrue over the life of the record, supporting its authenticity.  The Queensland Recordkeeping Metadata Standard and Guideline provides advice to public authorities on what recordkeeping metadata is required to identify public records and manage them through time.

To be useable, records must be accessible. This means that they can be quickly and easily identified and retrieved. Records must be kept in formats that enable continued use.

Given the rapid rate of technological change, accessibility of electronic records over time may involve migrations of records through successive system hardware and software changes. Documentation of preservation strategies and results will be critical to the ongoing reliability and authenticity of records.


Last Reviewed: 30 June 2010

Related

Events

  • There are currently no related items.