What is the primary document that governs the records management?

Records of information are at the core of Western Australian government organisations. Records are assets which allow the government to function effectively. They provide evidence of actions taken and decisions made by government organisations and allow the government to account for its actions. Good records management is a necessary element of good governance and integrity.

Inhaltsverzeichnis Show

Local Government
Table of Contents
2. Policy Statement
3. Authority
4. Review Date
6. Definition of a Record
7. Digital Transition Policy
8. Digital Continuity Policy
9. Authorised Recordkeeping Systems
10. Ownership of Records
11. Access to DFAT Records
12. Security of Records
13. Disposal, Deletion or Destruction of Records
14. Legislation & Standards
15. Monitoring and Review
16. Roles and Responsibilities
16.1. Secretary
16.2. SES and non-SES managers, HOMs, HOPs and Regional Directors
16.3. CIO, Information Management and Technology Division (IMD)
16.4. Assistant Secretary, ICT Services Branch (ISB)
16.5. Corporate Records Section (COR)
16.6. Business System Owners
16.7. All DFAT Staff
17. Appendix
17.1. Appendix A: Glossary of Terms
17.2. Appendix B: Summary of Recordkeeping Legislation
17.3. Appendix C: Legislation Administered by DFAT
17.4. Appendix D: Potential Benefits of Digital Recordkeeping

The State Records Act 2000 governs the recordkeeping for all State and local government organisations in Western Australia.

Under the Act a State record is defined as any record of information (in any form) created, received, or maintained by a government organisation or parliamentary department in the course of conducting its business activities.

State records may be in any format on which information can be stored, including paper, film, magnetic and optical media.

Recordkeeping Plans capture key information about processes and systems used by government organisations to manage records of information. These plans also set-out actions for the retention and eventual disposal or transfer of records to the State Archives.

Glossary

A Glossary of Terms used in the State Records Commission and State Records Office Publications is available for use.

Assistance

The State Records Office provides a consultative and advisory service to local and State government organisations throughout Western Australia. The SRO team aims to assist with best practice records and information management and compliance with recordkeeping standards.

Local Government

For local government organisations, information can also be found on the Department of Local Government, Sport and Cultural Industries website under Local Government operational guidelines: a list of guidelines to help local governments. This includes information on the preparation of council agendas and minutes.

NOTE: Local Government Records Relating to Cemetery Management

In accordance with the circular issued by the State Records Office on 13 June 2019 all local government organisations with responsibility for cemetery management under the Cemeteries Act 1986 (WA) are not to destroy any cemetery management records until further notice. This applies to all records relating to the care, control and management of a cemetery or crematorium.

If you need specialist advice with any aspect of records management please contact us at .

This policy supports the Strategic Plan and articulates the policy framework which will be adopted within DFAT for managing requirements for adequate recordkeeping of business activities and decision-making. Individual recordkeeping responsibilities applying to all staff and contractors are stipulated and mandatory. This policy supersedes all

previous recordkeeping and records management policies.

This policy establishes a framework for the creation, capture, management and use of complete and accurate records in all formats, however in accordance with the whole-of-Government Digital Transition Policy the policy supports the transition from paper to digital recordkeeping. The policy also endorses the principles of digital continuity for electronic records to ensure that records are complete, available and useable for as long as needed by all potential users, including for purposes beyond the intended

original use.

The potential benefits of digital recordkeeping are broad-ranging, from individual to departmental level. At the individual level, recordkeeping tasks including filing can potentially be automated and made transparent to staff conducting their core business. Reduced time thinking how and where to file or find a document, along with version control, ready access, reusability and other benefits of working digitally, provides more time to focus on core work. Where feasible, automated records capture also ensures that they are created and managed appropriately. Potential benefits of digital

recordkeeping are outlined in detail at Appendix D of the policy.

A Records Management Manual supports this policy and provides a single reference source for detailed instructions, procedures and guidance on the management of specific types of records and use of the EDRMS. The manual is located on the DFAT intranet so that it is accessible by all

staff and will be regularly updated.

Compliance with this policy is mandatory for all staff including contractors. All officers working for the department have a responsibility to follow this policy and to maintain sound recordkeeping

practices in their daily work.

Peter Varghese Secretary Department

of Foreign Affairs and Trade

1.
Purpose

The purpose of this Records Management Policy is to provide direction to staff for the creation, maintenance, storage and disposal of records and associated metadata within the Department of Foreign Affairs and

Trade (DFAT).

This policy, together with the Strategic Plan for DFAT Records Management 2015-2019, and the Records Management Manual, will ensure that complete and accurate records of DFAT's business activities are available and accessible for as long as required for operational, accountability and compliance purposes. The detailed Records Management Manual supporting this policy is intended to ensure that DFAT undertakes best practice records management processes during the policy's period of application, specifically as the department continues the transition from paper-based processes and recordkeeping to a

predominantly electronic recordkeeping environment.

This policy replaces the DFAT Recordkeeping Policy dated 9
August 2012.

2. Policy Statement

DFAT's records are its corporate memory and a vital asset for ongoing accountability. Good recordkeeping is critical to corporate governance and operational efficiency, provides essential evidence of business activities and transactions, and demonstrates accountability and transparency in DFAT's

decision-making processes.

DFAT is committed to implementing and maintaining best practice recordkeeping

policy, practice and procedure.

DFAT recognises its legislative and regulatory
requirements as a Commonwealth agency under the Archives Act 1983. It is committed to meeting the principles and practices set out in the following whole-of-Government policies and standards endorsed by the National Archives of

Australia (NAA):

the whole-of-Government Digital Transition Policy (DTP)
the whole-of-Government Digital Continuity Policy (DCP)
the International and Australian Standard for Records Management (ISO 15489)
the Australian Government Recordkeeping Metadata Standard (AGRkMS)
the Principles and Functional Requirements for Records in
Electronic Environments (ISO 16175).

All staff within DFAT, including locally engaged staff (LES) and contractors, are responsible for recordkeeping. All staff must, therefore, be aware of their obligations under this policy and take reasonable action to ensure ongoing compliance. Non-compliance with the recordkeeping policy may result in action, ranging from counselling to formal

disciplinary proceedings.

Records created in DFAT must be complete and accurate, as defined in ISO 15489. They

must:

enable current and future DFAT staff to take appropriate action, and make well-founded decisions based on the records in their day to day operations
enable an authorised person to examine the conduct of DFAT business
protect the financial, legal and other rights of DFAT
protect people affected by DFAT's actions and decisions.

3. Authority

This policy has been approved by the Secretary, DFAT and is the authority for recordkeeping and records management within DFAT. It shall remain valid until such time as amended, revoked or otherwise superseded by the

direct authority of the Secretary.

4. Review Date

This policy is due for review in 2017 in line with the mid-point
of the Strategic Plan for DFAT Records Management 2015 – 2019.

5.
Scope

This policy applies to all records and associated metadata
from the time of creation or capture and covers:

all DFAT staff, regardless of employment type
all aspects of DFAT's business operations
all types and formats of records created to support business activities
all business applications used to create records
organisations and businesses, including their employees, to which DFAT has outsourced its functions or
activities, and therefore associated recordkeeping responsibilities.

This policy does not relate to records created by any
other agencies, except where they form part of a DFAT business transaction.

6. Definition of a Record

Records are evidence of business conducted by an organisation. Any reference to a record in this policy refers to records in any format as defined

in the Archives Act 1983. The Glossary of Terms at Appendix A includes Complete

and Accurate Record(s), which highlights characteristics that differentiate a record from other types of information and provide for a record to be

admissible as evidence.

DFAT staff are responsible for keeping a record of business transactions conducted as part of their duties for the department. Examples of business transactions include documenting actions, events, conversations or other transactions where they provide evidence of formal advice or directions, or significant decisions.

Records can be in any format. This includes but is not limited to:

Hard copy or electronic documents – e.g. Word, Excel, Power Point
Paper or electronic files – e.g. EDRMS containers
Electronic messaging – e.g. Email, voicemail, instant messaging (including Lync), SMS (short message service), multimedia message service (MMS)
Social media – e.g. Twitter, Facebook, LinkedIn, blogs, wikis, discussion boards/forums
Web content – e.g. public websites, intranet
Photographs – e.g. official photographs documenting business activities, Flickr
Videos – e.g. YouTube, Vimeo, video conferencing, teleconferencing, video instant messaging and podcasts
Data in business systems – e.g. PeopleSoft, SAP, AidWorks, PICS (Passport Issue and Control System), CIS (Consular Information System, and CMIS legacy records)
Models, plans and architectural
drawings

SharePoint and social media are relatively new forms of collaboration and communication for the department. Staff who use these tools for their work should be aware that content published in this media may constitute a record as defined in this policy. Advice documents issued by the Corporate Records Section regarding the capture of records and associated metadata, from communications conducted via social media platforms, are provided on the intranet and are to

be followed.

For a record in digital format to be meaningful and to serve as admissible evidence of a business transaction, associated metadata needs to be captured or created with the record to provide adequate context and to support its authenticity and management over time. Along with other provisions, as set out in the relevant

areas of this policy, minimum metadata standards set by the NAA in the Australian
Government Recordkeeping Metadata Standard are to be met. This will help to

ensure that DFAT's business, accountability and archival requirements are met in a systematic and consistent way, and that digital records are described, reliable, meaningful, admissible as evidence, accessible, sharable and re-usable for as

long as they need to be retained.

7. Digital Transition Policy

In line with the Government's DTP, DFAT is transitioning away from a predominantly paper-based records management system to digital recordkeeping, primarily for efficiency purposes. This means the majority of DFAT's records will be created, stored and managed digitally, and where feasible

paper records will be scanned to reduce the number of paper files.

Where paper files that are overdue for disposal exist, sentencing and disposal will be conducted as resources permit using records authorities

issued by the NAA to reduce paper-based holdings.

Hybrid files (containing paper and digital records) will be phased out through the archiving process during the current Records Management Strategic Plan period (2015-2019). To ensure business, accountability and archival requirements are adequately catered for, a review of active hybrid files and remediation action will be conducted by Corporate Records Section in coordination with relevant stakeholders (eg. business area, system and process owners) as required. In light of the DTP, no hybrid files are to be created in

DFAT from the date of the publication of this policy.

New or reviewed business systems and processes must be designed to support digital recordkeeping, including automated/transparent

records capture, as far as practicably possible.

Advice documents issued by the Corporate Records Section regarding the creation of authentic, complete and accessible image copies of records, and the compliant management of the

original document after scanning, is to be followed. This advice includes:

coverage of technical and legislative requirements to preserve official records of enduring evidential or informational value for future reference
an outline of the existing legal framework in the Australian Federal Government jurisdiction that supports tendering digital images of records for legal proceedings or for other evidentiary purposes
how to manage and dispose of source records after they have been scanned
exclusions regarding records that have been designated to be always retained in original format, and/or source records
that cannot be destroyed after scanning.

Exceptions to the creation of, conversion to and management of records (files and documents) in digital format (including hybrid files) require a business case to do so and/or authorisation from the Director,

Corporate Records Section (COR).

8. Digital Continuity Policy

In line with the Government's DCP, developed to build on the foundations of the DTP, DFAT is embracing an approach to keeping and managing digital records and associated metadata to ensure that they are complete, available and can be used for as long as needed, including beyond

their original business use.

The
DCP requires that:

records and information created are complete, accurate, up-to-date, discoverable and usable by those with legitimate need, interoperable across the Commonwealth, and available and usable for as long as needed and not kept any longer than required
business transactions and decisions are recorded digitally, using digital authorisations and workflows by default wherever possible
business systems creating, capturing and/or managing records protect information from unauthorised alteration, deletion or misuse, and comply with ISO 16175
minimum metadata standards set by the NAA are met to ensure that digital content is described, sharable, admissible as evidence and re-usable
standard professional information and records management specialist qualifications, skills and capabilities set by the NAA are met
DFAT reports annually to the NAA on
progress in digital information management capabilities and maturity.

9. Authorised Recordkeeping Systems

The EDRMS is the primary recordkeeping system for DFAT for the management of both physical and electronic records (documents and

files/containers) along with the required associated metadata.

DFAT records (irrespective of format) stored in shared drives, personal drives, email folders, SharePoint sites, the Cloud, local applications, cabinets, workstations and on backup disks or drives are not

compliant with DFAT's recordkeeping obligations.

These drives and locations do not capture sufficient metadata to meet the legal recordkeeping retention and disposal requirements, and/or do not allow records to be widely searchable or accessible to all who need them, are not authenticated and are not secure from alteration or

deletion.

This business information remains non-compliant until it is registered as a record in the EDRMS or an authorised business system (assessed for records management functionality against ISO 16175 and approved by the

Director, Corporate Records Section), as required.

Shared network drives are not authorised for the storage and management of records. Records are not to be stored on shared network drives without approval from the Director, Corporate Records Section, based on

a business case that justifies doing so.

A Business Information System is an information reporting and/or transaction system used within DFAT. Business information systems are not automatically records management compliant – they contain structured data that potentially constitutes part of a Commonwealth record but this does not by default contain the contextual information to ensure reliability, authenticity and usability. Further, legal recordkeeping retention and disposal requirements

(beyond keeping backups of data) are usually not adequately catered for.

Before being authorised to store and manage records, all DFAT business information systems must be assessed by Corporate Records Section in consultation with relevant stakeholders as capable of managing the following processes as a minimum, in accordance with ISO 16175 - the international

standard endorsed by the NAA for that purpose:

be capable of collecting all information required for the activity – it should be fit for purpose
be capable of capturing content, structure and context of the record
provide adequate and compliant storage of records
provide protection of record integrity and authenticity
ensure the security of records
be readily accessible to all staff who need to use the records contained within the system, for as long as the record is needed
undertake the disposal of records in accordance with approved disposal authorities
ensure the recoverability of records in the event of a disaster
ensure the availability of records
in a useable format through technology changes and migration.

DFAT business information systems that store records (including email, SharePoint instances and a range of core business systems), and are not currently approved as records management compliant, should ensure that appropriate system backup regimes are in place. This is to ensure the day-to-day accessibility, retrieval and integrity of records as a minimum is maintained until the system has been assessed for records management functionality by Corporate Records Section and

authorised to capture and manage records.

10. Ownership of Records

All records, irrespective of format (i.e. physical or electronic), created or received by all DFAT staff, in the course of their duties on behalf of DFAT, are the property of the Department and subject to its overall control. The only exceptions include if local jurisdiction legislation or a contract or other legally binding agreement is in place that specifically states

otherwise.

11. Access to DFAT Records

Under provisions of the Archives Act
1983, Freedom of Information 1982 and Privacy Act 1988, records created in DFAT can be released to the public on request, if they meet certain criteria. Failure to maintain or locate reliable records when requested, may lead to lost revenue

or excessive retrieval costs, legal action or reputational damage for DFAT.

Reforms to the Archives Act 1983 have resulted in bringing forward the 'open access' period to most records from 30 years to 20 years, which began on 1 January 2011 and will be phased in over a

ten year period.

Reforms to the Freedom of Information Act
1982 promotes a pro-disclosure culture across government ensuring the public's right to access records held by government agencies. It has simplified

and narrowed the range of exemptions from access.

The Privacy Act 1988 governs the collection, use and disclosure of information about individuals to ensure that the information collected directly

relates to an agency's functions. Under the Privacy Act, members of the

public have the right to access records about themselves that are less
than 30 years old.

DFAT is regularly served with subpoenas or orders for the discovery of documents that require the production of selected documents/records by a specified date. Where a critical time line is not met in this context, the relevant business area(s) and associated business processes and information systems will be examined for potential improvements in meeting response times through

digital recordkeeping initiatives.

In
accordance with the Continuing Order of the Senate – Indexed list
of departmental and agency files, every six months DFAT must publish on the departmental website an indexed list of titles for files created in the head

office of the department.

12. Security of Records

Information Security includes measures such as the application of the Australian Government security classification system, procedures for the handling, storage and disposal of official information, and information communications and technology

controls. This policy should be read in conjunction with the Australian
Government Protective Security Manual, the Australian Government Information
Security Manual and the DFAT Security Manual.

It is the responsibility of staff to be familiar with these manuals and the general principles of handling and managing sensitive information, including the 'need-to-know' principle, and to apply them where relevant to their business and recordkeeping in accordance with other individual recordkeeping

responsibilities as set out in Section 16 of this policy.

EDRMS users should note the following when creating,
storing, retrieving, editing and circulating information in the system:

Users must ensure that they apply the correct security classification to each document at the time of creation, and save this document in an appropriate file container in the EDRMS. In the EDRMS, the access controls on the file are used as the default access control for a document. Only authorised staff may change the access control on a file.
Users should avoid restricting access to named officers, and instead use positions, roles or groups wherever practicable.
It is the responsibility of individual users to ensure that security and access controls on documents remain appropriate and in line with the need-to-know principle, as documents are edited, emailed, shared, and to cater for potential changes over time.
Documents should be sent within DFAT as a reference link from the EDRMS rather than as an attached document wherever practicable, allowing the EDRMS security and access controls to manage whether the recipient has access.
Material with a security classification higher than Unclassified must only be created and saved to files on Satin High.
Particular care should be given to
the access controls applied to documents where privacy issues are involved.

13. Disposal, Deletion or Destruction of Records

It is an offence to dispose of, delete or destroy any
Commonwealth record without authorisation from the NAA. Under the Archives
Act 1983 and the Crimes Act 1914, DFAT records cannot be disposed of other than in accordance with the approved NAA disposal authorities. The

disposal authorities relevant to DFAT are the Administrative Functions
Disposal Authority (AFDA) and the Departmental Agency Functions Disposal
Authority (DAFDA). The Assistant

Secretary, ICT Services Branch (ISB) and delegated Corporate Records Section staff, are authorised by NAA to carry out disposal, deletion or destruction of records

for DFAT.

Records created and received as part of DFAT's business that are of ephemeral value and are not covered under a Records Authority can be considered for destruction using NAA's Normal Administrative Practice (NAP) provisions. These records can be disposed of by the creator, using the appropriate method, without seeking formal authorisation. Specific guidance on application of the NAP can be found in the Records Management Manual and on the DFAT Intranet Records Management

pages.

14. Legislation & Standards

Certain federal government legislation provides direction on the management of federal government records; this legislation (incorporating

amendments) includes but is not limited to:

Archives Act 1983
Australian Information Commissioner Act 2010
Crimes Act 1914
Electronic Transactions Act 1999
Evidence Act 1995
Financial Framework (Supplementary Powers) Act 1997
Financial Framework Legislation Amendment Act 2010
Freedom of Information Act 1982
Privacy Act 1988
Public Governance, Performance and Accountability Act 2013
Public Service Act 1999.

DFAT is also committed to ensuring that its recordkeeping and business systems comply with existing established standards and major reports into recordkeeping in the Commonwealth

such as:

Australian Standard for Records Management - AS ISO 15489 – 2009
Australian Standard for Managing Records in an Electronic Environment – ISO 16175
Australian Government Recordkeeping Metadata Standard
Australian Government's Digital Transition Policy
Australian Government's Digital Continuity Policy (including the Digital Continuity Plan)
Policies and Guidelines published and endorsed by NAA for Commonwealth agencies
Protective Security Policy
Framework

Additionally, DFAT is responsible for administering a range of legislation that may include specific recordkeeping requirements. A list of this legislation can be found at

Appendix C.

15. Monitoring and Review

This Policy requires recordkeeping practices and processes to be a significant feature of all business processes and systems. It is the responsibility of all staff, regardless of level, to contribute to sound recordkeeping practices. In order to ensure that the policy is effective, DFAT will monitor recordkeeping practices in a variety of ways to ensure the

compliance of all departmental activities.

Corporate Records Section is the line area directly responsible for monitoring compliance with the departmental recordkeeping framework and high-level assessment of the department's compliance with NAA

benchmarks. This includes:

monitoring the capture and creation of records into the official recordkeeping system –EDRMS, in particular identifying areas that may not be fully or correctly creating and/or capturing records into the recordkeeping system
utilising NAA's "Check-Up Digital" tool to identify areas of non-compliance and areas that need improvement to enhance capability to manage digital records and related information; results will be used as a benchmark for future compliance and strategic planning activities
monitoring business system compliance with ISO 16175
annually facilitating an external
records management audit as directed by the DFAT Audit and Risk Committee

Posts undertake periodic reporting using the Self Assessment Manual (SAM). Reporting requirements and timeframes are dependent on the experience of the completing officer at post. Part of the SAM undertakes a self-assessment of compliance based on DFAT's records management policies, and

results are reviewed by Corporate Records Section.

In addition to each officer's individual recordkeeping responsibilities, managers must ensure that their team is aware of their recordkeeping responsibilities as part of their daily functions. Managers should require all staff, including LES and contractors, to include an aspect of recordkeeping in their performance agreements, and should lead by example regarding recordkeeping practices and the creation, capture and management of

records into the EDRMS or an authorised business information system.

16. Roles and Responsibilities

This section defines the duties and responsibilities of all
DFAT staff with respect to recordkeeping.

16.1. Secretary

The
Secretary is responsible for:

authorising and promulgating this policy
promoting compliance with this policy
supporting and fostering a culture of good recordkeeping in the department
nominating the Executive in charge
of recordkeeping.

16.2. SES and non-SES managers, HOMs, HOPs and Regional Directors

SES
and non-SES managers, HOMs, HOPs and Regional Directors are responsible for:

supporting and fostering a culture of good recordkeeping in DFAT
ensuring that officers under their management are aware of their responsibility to maintain accurate records of business
providing guidance to staff on managing security and access controls when dealing with security classified, staffing or sensitive records
ensuring staff are provided adequate time to undertake recordkeeping responsibilities
including the requirement to meet recordkeeping responsibilities in staff (including LES) performance agreements
implementing measures to monitor recordkeeping responsibility compliance and to address inadequacies in recordkeeping
practices.

16.3. CIO, Information Management and Technology Division (IMD)

The
Chief Information Officer is responsible for:

ensuring that recordkeeping policy and practices adopted by the department comply with DFAT's obligations and responsibilities as a Commonwealth Government agency
ensuring that the technology used to support the systems that capture and keep records electronically are reliable, available and accessible to DFAT staff as required
implementing standards for business information systems that comply with NAA's Standards and Guidelines for electronic recordkeeping, where warranted
incorporating electronic recordkeeping requirements (as outlined in Section 9) into business system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
providing assurance that back-up and recovery strategies adequately meet electronic recordkeeping storage requirements
the development and implementation, over time, of a comprehensive information management framework
which incorporates records management.

16.4. Assistant Secretary, ICT Services Branch (ISB)

The
Assistant Secretary ISB is responsible for:

ensuring this policy is reviewed and is up to date
ensuring that all DFAT staff are regularly reminded of their recordkeeping responsibilities
in consultation with CIO, authorising each business system managing records
ensuring DFAT adheres to appropriate record retention and disposal requirements
ensuring that the EDRMS is available, reliable and accessible to staff when required
supporting the implementation of EDRMS upgrades and enhancements, in compliance with DFAT's ICT Change and Release Management processes
ensuring business systems comply with this policy and NAA's electronic
recordkeeping guidelines and requirements, including NAA-endorsed standards.

16.5. Corporate Records Section (COR)

COR
is responsible for:

developing and implementing strategies to support this policy
supporting and fostering a culture of good recordkeeping in DFAT
creating and maintaining recordkeeping procedures with which compliance will be mandatory under this policy
delivering recordkeeping and EDRMS training, support and advice to all staff
maintaining, monitoring and reviewing the departmental recordkeeping system
providing support to EDRMS users through effective service desk support arrangements
promoting the effective use of the EDRMS
liaising with IT Support Staff to ensure the EDRMS is available, reliable and accessible to staff when required
liaising with IT Support Staff for the implementation of EDRMS upgrades and enhancements
ensuring that, as far as is practicable, records are kept and accessible for as long as required by DFAT staff, government and the public
measuring and monitoring compliance of business information systems that store records against ISO 16175 in coordination with IT and business area stakeholders
authorising business information systems to store records and/or associated metadata
managing the archiving and disposal of records over time
authorising, under delegation, the
disposal/destruction of records.

16.6. Business System Owners

All owners of business information and transactional systems that store records

and/or associated metadata must:

fully understand the recordkeeping obligations and responsibilities relating to their system(s) and associated business processes that they interact with or manage
adhere to DFAT's policy, procedures and standards in creating and managing records in their system(s), including ensuring that their system(s) are scheduled for assessment of records management functionality compliance against ISO 16175: Part 3, and authorised as a system to create and manage records by COR
ensure that in the interim until their system(s) have been authorised by COR to create and manage records, appropriate system backup regimes are in place to guarantee the day-to-day accessibility, retrieval and integrity of records stored in their system; or records from the system stored in the EDRMS
in coordination with the CIO, incorporate electronic recordkeeping requirements (as outlined in Section 9) into system operational and maintenance plans, and into design specifications when building, reviewing, upgrading or acquiring new business systems
ensure that their system(s) do not facilitate deletion/destruction or disposal of records without the correct authorisation as set out in Section 13 of this policy, except through the
appropriate application of NAP, also set out in Section 13 of this policy.

16.7. All DFAT Staff

All
DFAT staff must:

understand the recordkeeping obligations and responsibilities relating to their position
adhere to DFAT's policy, procedures and standards in maintaining records as required by their daily tasks
attend mandatory recordkeeping and EDRMS training
create and capture records in the EDRMS or authorised recordkeeping system
be familiar with the provisions for handling and managing sensitive and security classified information, including the 'need-to-know' principle, and to apply them where relevant to
their business and recordkeeping practices
ensure that they do not destroy records without the correct authorisation, except through the appropriate application of NAP (refer to Section 13 of this policy)
include meeting recordkeeping responsibilities in performance agreements
be accountable for their actions and decision-making to the general public, Commonwealth Government and to
DFAT's Stakeholders.

17. Appendix

17.1. Appendix A: Glossary of Terms

Significant terms used in the Records
Management Policy are defined or explained below.

Term	Definition
Accountability	Based on the principle that individuals, organisations and the community are required to be accountable to others for their actions. Organisations and their employees must be able to account to appropriate regulatory authorities, shareholders or members, and to the public. This is required to meet statutory obligations, audit requirements, relevant standards, codes of practice, and community expectations.
Action Officer	Staff who conduct business on behalf of DFAT and record that business activity.
Activity (Business Activity)	An umbrella term covering all the functions, processes, activities and transactions of an organisation and its employees.
All staff	This includes the following DFAT staff: all DFAT staff, including non-ongoing staff all LES, funded by DFAT appropriations all contractors, and all consultants and service providers engaged by DFAT.
Authorised Recordkeeping System	A system that stores DFAT's Corporate records and associated information, and has been assessed by COR as complying with ISO 15489 and ISO 16175. Refer to Section 9 of this policy for further detail.
Business Classification Scheme	A conceptual representation of the functions and activities performed by an organisation. The scheme is derived from the analysis of business activity.
Classification	Systematic identification and arrangement of business activities and/or records into categories according to logically structured conventions, methods, and procedural rules represented in a classification system. Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.6. See also: Business Classification Scheme and Security Classification System.
COR	Corporate Records Section.
Commonwealth Record	Any official record of the activities of a Commonwealth Government department or agency. See also: Corporate Record and Complete and Accurate Record(s). Refer to Section 6 of this policy for further detail.
Complete and Accurate Record(s)	A complete and accurate record has characteristics that differentiate a record from other types of information and provide for a record to be admissible as evidence. These characteristics include that a record is: compliant with the recordkeeping requirements arising from the regulatory and accountability environment in which the organisation operates adequate for the purposes for which it is kept complete – containing not only the content, but also the structural and contextual information necessary to document a transaction meaningful – containing information and/or linkages that ensure the business context in which the record was created and used is apparent comprehensive – documenting the complete range of the organisation's business for which evidence is required accurate – to reflect the transactions that it documents authentic – enabling proof that it is what it purports to be and that its purported creators did indeed create it inviolate – securely maintained to prevent unauthorised access, alteration or removal. Adapted from: Standards Australia, AS 4390, 1996, Part 3, Clause 5.3.
Conversion	Process of changing records from one medium to another or from one format to another. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.7.
Corporate Record	Information created, received, and maintained as information and evidence of the functions and activities performed by an organisation or person, in pursuance of legal obligations or in the transaction of business. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.15. See also: Complete and Accurate Record(s). Refer to Section 6 of this policy for further detail.
DCP	Digital Continuity Policy – whole-of-Government policy in support of ensuring that records and information are complete, available and useable by those who need it, for as long as required, but not kept for longer than needed.
Destruction	Process of eliminating or deleting records, beyond any possible reconstruction. Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.8.
Digital continuity	Ensuring that records and information are complete, available and useable by those who need it, for as long as required across technological, migration and governance changes, but not kept for longer than needed.
Digital record	A record that is communicated and maintained in a digital format. Same as an electronic record.
Digital transition	The transition from paper and other physical formats to digital formats.
Disposal	See Disposition.
Disposition	Range of processes associated with implementing records retention, destruction or transfer decisions which are documented in disposition authorities or other instruments. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.9. Refer to Section 13 of this policy for further detail.
Document	Recorded information or an object that can be treated as a unit. A document becomes a record when it is registered into an authorised recordkeeping system with relevant associated metadata. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.10.
DTP	Digital Transition Policy – whole-of-Government policy in support of transitioning away from a predominantly paper-based records management environment to digital recordkeeping.
EDRMS	Electronic Document & Records Management System
Electronic Document	A document that is communicated and maintained in an electronic format.
Electronic Record	A record that is communicated and maintained in an electronic format. Same as a digital record.
File Number	A number attached to each file that serves as a unique identifier.
Function	The largest unit of business activity in an organisation or jurisdiction.
Instant Messaging (IM)	The act of communicating in near real-time via a computer network (e.g. a local area network, a wide area network or the Internet). IM differs from email in several regards relevant to recordkeeping, including: Communication is delivered directly to the recipient rather than via the delayed mechanisms (server-to-server routing) used by email protocols, IM packages allow users to "chat", where each line of text is displayed as soon as it is typed, rather than needing to wait for a complete message to be delivered. Thus, email is like an electronic letter, while IM is more like an electronic telephone call. In DFAT, IM is not currently configured to directly capture records or metadata for recordkeeping purposes. Capturing records from IM communications is therefore a manual process involving making a Note for File. As such, IM is not recommended to conduct business communications that potentially require a record to be kept.
Metadata	Structured data or other information that describes context, content and structure of records and their management through time. It allows users to find, manage, control, understand or preserve the information it relates to. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.12.
Migration	Act of removing records from one system to another, while maintaining the records' authenticity, integrity, reliability and useability. Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.13.
Multimedia Message Service (MMS)	An extension of Short Message Service (SMS), by which users can transfer not only text but other kinds of material (images, video, audio) to mobile telephones.
NAA	National Archives of Australia
Naming Conventions	Standards relating to the structure of the 'free text' part when naming files (including punctuation, capitalisation, use of acronyms and abbreviations), and applied within the context of records management.
NAP	See Normal Administrative Practice
Normal Administrative Practice (NAP)	Normal Administrative Practice (NAP) is a provision under the Archives Act 1983 that permits the destruction of records that are not covered by a Records Authority. In general, this applies to records that are deemed to be: Facilitative, transitory or short-term records, Rough working papers and/or calculations, Drafts not intended for further use or reference, Copies of material retained for reference purposes only, or Published material not forming an integral part of DFAT's records. Refer to Section 13 of this policy for further detail.
Preservation	Processes and operations involved in ensuring the technical and intellectual survival of authentic, complete and accurate records through time. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.14.
Record	See Corporate Record and Complete and Accurate Record(s). Refer to Section 6 of this policy for further detail.
Recordkeeping	The making and maintaining of complete, accurate and reliable evidence of business transactions in the form of recorded information into the EDRMS or an authorised business system. This 'recorded information' includes the record itself and relevant associated metadata. Recordkeeping includes: The application of appropriate security and access controls to records on creation, and amending these controls as necessary during the lifetime of the record, to secure them from unauthorised access; and ensuring that records are only destroyed with the correct authorisation, or through appropriate application of Normal Administrative Practice. Adapted from: Standards Australia, AS 4390, Part 1, Clause 4.19; and Part 3, Foreword. See also: Complete and Accurate Record(s), Metadata, Authorised Recordkeeping System, Normal Administrative Practice Refer to the following sections of this policy for further detail as noted: Section 6 provides detail regarding the definition of a record Section 12 provides detail on record security and access controls Section 13 provides detail regarding records disposal, destruction and application of Normal Administrative Practice.
Records management	The discipline and organisational function of efficiently and systematically controlling the creation, receipt, maintenance, use and disposition of records. This includes processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records, to meet operational business needs, accountability requirements and community expectations. Adapted from: International Standard, ISO 15489, 2001, Part 1, Clause 3.16.
Records Manager	The person responsible for managing official Commonwealth records in DFAT using the recordkeeping System. Responsibilities include all processes from creation to disposal of official records and ensuring compliance with legal and administrative requirements.
Registration	Act of giving a record a unique identifier on its entry into a system. Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.18.
Scanning	The process of capturing an electronic image of a document for storage in an electronic document system.
Security Classification System	A set of procedures for identifying and protecting official information whose disclosure could have adverse consequences for the Commonwealth. The security classification system is implemented by assigning markings (such as 'Top Secret' or 'Protected') that show the value of the information and indicate the minimum level of protection it must be afforded. Adapted from: Attorney-General's Department, Commonwealth Protective Security Manual, Glossary.
Short Message Service (SMS)	A function available on most mobile telephones, which enables users to send brief typed text messages to other mobile telephones, and in some cases, other handheld computing devices such as personal organisers.
Social Media	An umbrella term for Internet-based tools for sharing and discussing information among people. It refers to user-generated information, opinion and other content shared and discussed over open digital networks. Social media may include (although is not limited to): Social networking sites (e.g. Facebook, LinkedIn) Instant messaging (e.g. Lync), podcasting and video on demand (VOD Video and photo sharing websites (e.g. YouTube, Flickr) Blogs and micro-blogs (e.g. Twitter) and Wikis (e.g. Wikipedia) Refer to Section 6 of this policy for further detail.
Storage	The function of storing records for future retrieval and use.
Thesaurus	A (keyword) thesaurus provides control and consistency over the vocabulary used for titling and indexing of records.
Transfer	Change of location, custody, ownership and/or responsibility for records. Source: International Standard, ISO 15489, 2001, Part 1, Clause 3.20.
TRIM	TRIM is the EDRMS records management software.
Transaction	The smallest unit of business activity. Uses of records are themselves transactions.
Video instant messaging	An extension of instant messaging which enables users to videoconference using an instant messaging program. See also: Instant Messaging
Voicemail	A centralised method of managing telephone recorded messages for a group of telephones. In its most basic form, voicemail is simply a large-scale answering machine, but most modern systems have added functionality, allowing users to check messages remotely, forward messages to other voicemail boxes or mobile telephones, and personalise greetings for different callers.

17.2. Appendix B: Summary of Recordkeeping Legislation

Acts and Standards

Description

Archives Act 1983

The Archives Act 1983 officially established the National Archives of Australia. The Act empowers the Archives to preserve the archival resources of the Commonwealth (those records designated 'national archives') and defines their role in supporting and governing the creation and management of these records. The Act establishes the framework

in which agencies must create, capture and manage their records including:

Imposing statutory obligations on all Government departments and agencies for the management of their records
Making it illegal to destroy or alter Commonwealth records without the permission of the Archives, unless otherwise stated by law
Creating a fundamental right of public access, bringing forward the 'open access' period to most records from 30 years to 20 years, which began on 1 January 2011 and will be phased in over a ten year period other than Cabinet notebooks and census information which have been reduced from 50 years to 30 years
Governing the retention and
disposal of records.

Australian
Information Commissioner Act 2010

The Australian
Information Commissioner Act 2010 established the Office of the Australian Information Commissioner (OAIC). The OAIC has three sets of

functions:

freedom of information
privacy
government and information
policy

The OAIC aims to facilitate public access to government information and encourages agencies to

proactively publish information.

Electronic
Transaction Act 1999

The Electronic
Transactions Act 1999 provides a regulatory framework that enables business and the community to use electronic communications in their dealings with government. The primary objective of the Act is to remove impediments that might prevent a person from using electronic communication to satisfy

obligations under Commonwealth law.

Broadly, the Act provides that electronic communications and electronic forms of documents may be used to satisfy requirements or permissions, under Commonwealth laws, for a person

to:

give information in writing
provide a handwritten signature
produce a document that is in the form of paper or other material
record information in writing
retain a document that is in the form of paper or other material
retain information that was the subject of an electronic communication

The Act provides for exemptions and it identifies conditions that must be met in order to maintain

the integrity and accessibility of information.

Evidence Act 1995

The Evidence Act 1995 recognises the role of modern technologies in business and government. It abolishes the 'original document' rule and ensures that faxes, telexes and electronic communications may be admitted

into evidence in all federal courts.

The Act defines a 'document'
:

'anything on which there is writing, anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them or anything from which sounds, images or

writings can be reproduced with or without the aid of anything else.'

If the document in question is an 'article or thing on or in which information is stored in such a way that it cannot be used by the court unless a device is used to retrieve, produce or collate it', it is permissible to tender 'a document that was or

purports to have been produced by use of the device'.

To be admissible the record must be:

authentic - it must be clear that the record or document has not been altered or modified without authority;
complete and accurate; and
logically sequenced and
arranged.

Freedom of Information Act 1982

The Freedom of Information Act 1982 provides that a person has a legally enforceable right to obtain access to a document of an agency or an official document of a Minister unless that document falls within one of the exemptions set out in the Act. Generally, exempt documents are those which must be kept confidential to protect essential public

interests, personal or business information.

Under changes to the FOI
Act 1982, agencies are required to publish agency plans as well as other
specific categories of information.

ISO 15489

Records Management

The International Standard For Records Management - ISO 15489 provides strategies and operational guidelines for the implementation of records management practices and procedures in any organisation. The Standards are designed to help organisations create, capture and manage complete and accurate records to meet their business needs and legal requirements as well as to satisfy other stakeholder expectations. They apply to records in any format or media, created or received by any public or private organisation

during the course of its activities.

The Standard has been used
as guidance in preparation of these instructions.

ISO 16175

Principles and
Functional Requirements for Records in Electronic Office Environments

ISO 16175 provides internationally agreed principles and functional requirements for software used to create digital information in

office environments.

NAA has endorsed the use of ISO 16175 for use by Australian Government agencies to assess the records

management functionality of a business information or transactional system.

Privacy Act 1988

The Privacy Act
1988 makes provision to protect the privacy of individuals and prevent the misuse of personal information about members of the public. It governs the collection, use and disclosure of information about individuals by Australian Government agencies to ensure that it is only used for purposes that relate directly to the functions or role of the agency. It specifies that the information agencies keep must be secure, accurate, relevant, complete, and not misleading. The Act also gives people

a right to see records about themselves.

Records over 30 years old are exempt from the Privacy Act. Access to these records is controlled

through the Archives Act 1983.

Public Governance,
Performance and Accountability Act 2013

The Public
Governance, Performance and Accountability Act 2013 includes specific provisions for Commonwealth entity
records relating to governance and reporting, performance and accountability.

17.3. Appendix C: Legislation Administered by DFAT

Anti-Personnel
Mines Convention Act 1998

Australian
Centre for International Agricultural Research Act 1982

Australian
Civilian Corps Act 2011

Australian
Passports Act 2005

Australian
Passports (Application of Fees) Act 2005

Australian
Passports (Transitionals and Consequentials) Act 2005

Australian
Trade Commission Act 1985

Australian Trade Commission (Transitional Provisions and Consequential Amendments) Act

1985

Autonomous
Sanctions Act 2011

Charter
of the United Nations Act 1945

Chemical
Weapons (Prohibition) Act 1994

Comprehensive
Nuclear Test-Ban Treaty Act 1998

Consular
Fees Act 1955

Consular
Privileges and Immunities Act 1972

Diplomatic
and Consular Missions Act 1978

Diplomatic
Privileges and Immunities Act 1967

Export
Finance and Insurance Corporation Act 1991

Export Finance and Insurance Corporation (Transitional Provisions and Consequential

Amendments) Act 1991

Export
Market Development Grants Act 1997

Export
Market Development Grants (Repeal and Consequential Provisions) Act 1997

Foreign
Passports (Law Enforcement and Security) Act 2005

Intelligence
Services Act 2001, except to the extent administered by the Prime Minister, the Attorney-General and the Minister for Defence

International
Development Association Act 1960

International
Fund for Agricultural Development Act 1977

International
Organisations (Privileges and Immunities) Act 1963

Nauru
Independence Act 1967

Nuclear
Non-Proliferation (Safeguards) Act 1987

Nuclear
Safeguards (Producers of Uranium Ore Concentrates) Charge Act 1993

Overseas
Missions (Privileges and Immunities) Act 1995

Papua
New Guinea Independence Act 1975

Papua New Guinea (Staffing Assistance) Act 1973, except to the extent administered by

the

Minister for Finance

Registration
of Deaths Abroad Act 1984

Security
Treaty (Australia, New Zealand and the United States of America) Act 1952

South
Pacific Nuclear Free Zone Treaty Act 1986

Tourism
Australia Act 2004

Tourism
Australia (Repeal and Transitional Provisions) Act 2004

Trade
Representatives Act 1933

United
Nations Educational, Scientific and Cultural Organization Act 1947

United
States Naval Communications Station Agreement Acts

US
Free Trade Agreement Implementation Act 2004

Source: http://www.naa.gov.au/Images/AAO_23_December_2014_tcm16-83959.rtf

17.4. Appendix D: Potential Benefits of Digital Recordkeeping

Digital records management provides a number of efficiency and other benefits including

improved corporate governance, improved business processes and reduced costs:

Improved access to and retrieval of relevant records and information - facilitates better-informed decision-making; better service delivery; fewer information silos; enhanced information sharing across the agency and between agencies; and potential for re-use of information by government and the Australian community.
Improved corporate governance - lower compliance costs and enhanced ability to provide accurate, timely and transparent responses to legislative and regulatory requirements. Australian Government agencies need to meet a range of legislative, regulatory and governance requirements. Managing records digitally strengthens corporate governance by helping agencies meet legal obligations and regulatory and governance requirements in an efficient and cost-effective way.
Legislative obligations - well-managed digital records support transparent, accurate and timely responses to applications under information access legislation or under subpoena. Under freedom of information reforms charges must be waived if a statutory time frame is not met, so quickly locating the right records can avoid a cost penalty. It is easier to publish digital information on websites, in keeping with Information Publication Scheme requirements, in formats that allow use and re-use.
Transparency and accountability - authoritative records provide evidence of, justify or explain actions or decisions. They substantiate responses to audit, official inquiry or other types of investigation. Records protect the democratic rights and entitlements of individuals and provide evidence of interactions between Australia's people and elected governments. Good digital management means records are trustworthy, authoritative and able to withstand scrutiny. Digital management provides accountability benefits that are difficult to duplicate in paper systems. Comprehensive and accurate audit trails not only help an understanding of communications, decisions and actions that have been carried out but also show when a record was created, accessed or amended and by whom.
Risk management - a well-managed digital information and records management program is a business and reputational risk mitigation strategy. The ability to demonstrate what and why decisions and actions were taken and how they were carried out reduces the risk of non-compliance due to incomplete or inaccurate records. Reduced reputational risks that can result when information cannot be found or is compromised through unauthorised access.
Business continuity - Digital records management will better support disaster recovery and business continuity. Managing information digitally allows off-site back-up of records which a paper-based system cannot easily offer. It also safeguards vital corporate information from loss, misuse, tampering and physical damage.
Records management cost savings - from less creation, storage, retrieval and handling of paper
records.