Records Management. Policy and Practice. Manual

Transcription

1 Records Management Policy and Practice Manual State Records 1996 GPO Box 1072 ADELAIDE SA 5001 Telephone (08) Facsimile (08) &

2 TABLE OF CONTENTS Acknowledgments... 3 Introduction... 3 Rationale... 4 Implementation... 4 Updates... 5 Definition... 6 Section 1 Creation & Control... 8 Section 2 Storage Appendix -1 Records Storage Conditions Section 3 Disposal Section 4 Electronic Record Keeping Section 5 Disaster Recovery Section 6 Ownership Index State Records The contents of this Manual are copyright to State Records. The contents may be reproduced for reference purposes by South Australian State and Local Government Authorities without further reference to State Records. The contents of the Manual cannot be reproduced by other organisations or used by any organisation for commercial purposes without permission in writing from the Manager, State Records. Introduction Page 2

3 ACKNOWLEDGMENTS State Records would like to acknowledge the contribution of everyone who provided invaluable advice and assistance in the preparation of this manual. The manual was prepared by Bernadette Bean (Archivist, State Records) in consultation with Peter Acres (Project Director, Whole of Government Records Management Project, State Records), Andrew Boucher (Senior Archivist, State Records), Steve Childs (Project Officer, Desktop Systems Information Management Division, South Australian Health Commission), Jelena Comelli (RecFind Agency Administrator, Department of Transport), Jill Coombe (Business Manager, Department for Family and Community Services), Jo Duldig (Records Manager, Department for Education and Childrens Services), Alison Foley (Records Manager, Department of Premier and Cabinet), Madelaine Fulcher (Archivist, WorkCover Corporation), Ute Hart (Acting Client Services Officer, Department for Technical and Further Education), Phill Heitmann (Records Management Officer, Department of Environment and Natural Resources), Michael Hodder (Manager, State Records), Sue Myburgh (Senior Lecturer, Information Management, University of South Australia), Spiros Sarris (Senior Project Officer, Records Management, SA Water), Anna Varga (Coordinator Medical Records, Royal Adelaide Hospital), Estelle Vincent (Records Management Project Officer, Department for Correctional Services). INTRODUCTION Each government agency has a responsibility to...ensure that the official records in its custody are maintained in good order and condition (State Records Bill 1996, Section 13). The policies and practices in this manual have been written to assist agencies to meet this obligation. This manual is issued under Section 14(j) of the Libraries Act The policies and practices are applicable to all public instrumentalities as defined in Section 5 of the Libraries Act State Records endorses Australian Standard: Records Management (AS ) as an industry code of best practice and encourages agencies to do the same. The policies and practices described in this manual are consistent with the standard and, if implemented, will enable agencies to comply with that standard. Note: This Manual was written under the assumption that the State Records Act would have been promulgated by the time the manual was due for release. As this has not occurred the Manual is being released under the Libraries Act However, references to the State Records Bill remain in the text to provide a guide to agencies of the obligations and responsibilities they will have regarding recordkeeping practices once the State Records Bill has been promulgated. Introduction Page 3

4 RATIONALE The value of records to an organisation is that they provide evidence of transactions and decisions. The records enable the organisation to keep track of business transactions, be accountable for decisions made and money spent, meet service delivery and community requirements for information and provide a historical record of the organisation s operations and activities. The Government s vision for the future of the public sector is one which will require excellent recordkeeping practices. The South Australian public sector will be required to: offer a one stop service to customers where agencies appear boundaryless because customers will not need to know which agency performs a particular function in order to get information deliver faster turn around times for decision making enable personnel to work from anywhere including their homes, at clients offices and their normal place of work To ensure this vision becomes reality agencies will need to develop recordkeeping regimes which ensure that full and accurate records are created and maintained, that authorised access to those records is timely and secure and that records which are no longer required for administrative purposes are identified quickly. It is therefore essential that agencies develop a systematic approach to recordkeeping and that this approach is incorporated into the strategic programmes established to support agency services and functions. Implementing good records management practices is not an option or merely desirable, it is a fundamental prerequisite for the efficient running of the organisation. The international quality systems standards (ISO 9000 series) demand that organisations have a level of good recordkeeping before accreditation can be obtained. IMPLEMENTATION This manual contains policy statements on a variety of records management related issues. They are divided into broad subject categories but many overlap. Policy statements are the minimum standard which an agency must meet to fulfil its obligations under the State Records Act Each policy statement is followed by practice guidelines which include steps and strategies to assist agencies in meeting the particular policy requirement. The guidelines are as broad as possible while taking into account mandatory minimum standards of best practice. Typically a strategy is suggested which will enable the agency to meet its obligations while allowing for the individual differences (in terms of size, resources and requirements) between agencies. The guidelines do not normally specify a particular product or system (such as file numbering system). The obvious exception to this rule is the RecFind records management software that has been mandated for use across all State Government agencies. The guidelines occasionally refer to specific functions of the RecFind product in order to demonstrate a particular strategy. Local Government authorities and State Government authorities with an exemption Introduction Page 4

5 from RecFind should not be deterred from implementing the guidelines which specify RecFind functions as the information given would be equally applicable to other records management systems. A number of the polices in this manual recommend the survey of record holdings for a variety of reasons. Agencies should investigate the possibility of conducting a single survey which meets all of their requirements including the identification of vital records, the assessment of disposal schedule needs, the evaluation of storage requirements etc. In addition to this manual, agencies can contact State Records for advice regarding the implementation of a particular policy or strategy or the method which would be most suitable for that agency. UPDATES From time to time State Records will issue updates to this manual either in the form of completely new policies or amendments or additions to existing polices. A register of recipients is maintained by State Records and all registered recipients will receive copies of the updates on disk. All disks have a date and version number on the label and each section has an issue date and version number. Please ensure that you keep your manual up to date by replacing old versions as soon as you receive the updated versions. Introduction Page 5

6 DEFINITIONS For the purposes of this manual, the definitions from Australian Standard - Records Management apply except where otherwise identified Accountability The principle that individuals, organisations and the community are required to account to others for their actions, organisations and their employees must be able to account to appropriate regulatory authorities, to shareholders or members and to the public to meet statutory obligations, audit requirements relevant standards and codes of practice and community expectations. Appraisal The process of evaluating business activities to determine which records need to be captured and how long the records need to be kept, to meet business needs, the requirements of organisational accountability and community expectations. Archives Those records that are appraised as having continuing (or permanent) value. Business Activity Umbrella term covering all the functions, processes, activities and transactions of an organisation and its employees. Includes public administration as well as commercial business. Classification The process of devising and applying schemes based on the business activities which generate records, whereby they are categorised in systematic and consistent ways to facilitate their capture, retrieval, maintenance and disposal. Classification includes determining document or file naming conventions, user permissions and security restrictions on records. Disposal A range of processes associated with implementing appraisal decisions. These include the retention, deletion or destruction of records in or from recordkeeping systems. They may also include the migration or transmission of records between recordkeeping systems, and the transfer of custody or ownership of records. Disposal Authority (Schedule) A formal instrument that defines the retention periods and consequent disposal actions authorised for classes of records which are described in it. Introduction Page 6

7 Documents Structured units of recorded information, published or unpublished, in hard copy or electronic form, and managed as discrete units in information systems. Electronic Records Records communicated and maintained by means of electronic equipment. Function The largest unit of business activity in an organisation or jurisdiction. Metadata Data describing data and data systems, that is the structure of databases, their characteristics, location, usage and the like ( Metadata and the Archival Management of Electronic Records, David Wallace in Archivaria 36;1993). Recordkeeping Making and maintaining complete, accurate and reliable evidence of business transactions in the form of recorded information. Recordkeeping Systems Information systems which capture, maintain and provide access to records over time. Records Recorded information, in any form, including data in computer systems, created or received and maintained by an organisation or person in the transaction of business or the conduct of affairs and kept as evidence of such activity. Records Management The discipline and organisational function of managing records to meet operational business needs, accountability requirements and community expectations. Registration The act of giving a record a unique identity in a recordkeeping system. Thesaurus A keyword thesaurus provides control and consistency over the vocabulary used for titling and indexing records (Keyword AAA: A Thesaurus of General Terms, Records Management Office of New South Wales, 1995). Introduction Page 7

8 Section 1: Creation and Control Policy Status: Approved Version: 1 Date of Issue: September 23, 1996 Introduction Records are created to provide evidence of the business activities carried out in our organisations. They help fulfil the requirement of government to be accountable for the decisions it makes and the resources it uses. Records provide a means of tracking business transactions, increasing the efficiency of those transactions and allow the chronicling of the corporate memory. Essentially, records are an important and valuable asset for any organisation and their creation and control should be managed accordingly. Records control procedures should be established and strictly adhered to and they must encompass the creation and control of all records including electronic records, financial records and human resources records as well as traditional paper based correspondence and subject files. All staff within an agency should be made aware of these procedures and any responsibilities they may have to ensure they are adhered to. This Section addresses the situations in which records should be created, the way records should be classified and tracked and the management of incoming mail. 1.1 Policy Records must be created in all instances where there is a need for an agency or individual to be accountable for, and/or provide evidence of, decisions made and actions taken Records should be created in the following situations: where evidence of an agency s functions, activities and transactions is required where a requirement may exist (or develop) to prove that proper decision making processes have been followed where there is the possibility that members of the public or other parties will have a requirement to know what activities have taken place, what decisions have been made, the order and time in which events occurred and the people involved where there is a need to protect the rights or interests of the organisation, its employees, its clients or the general public where their absence could cause the inability of the Government, the Minister or employees to defend themselves against legal action or accusations of impropriety or fraud where their absence might result in political embarrassment where there is a specific legislative requirement for a record to be maintained Section 1: Creation and Control Page 8

9 1.1.2 The creation of specific records is not prescribed by the State Records Bill but other legislation will often mandate the creation and maintenance of certain records. It is each agency s responsibility to ensure that relative legislation is monitored and that appropriate changes are made to record creation and maintenance practices Agencies are encouraged to identify instances where new record types will be required (eg. new legislation or regulations, taking on a new function etc.) as early as possible and to alert State Records so that preparation of new disposal schedules can be planned. 1.2 Policy Records should be uniquely identified and registered on the corporate records management system as soon as they are received/created and no other records management processes affecting the record should take place until registration is complete Registration of records should link the record to descriptive information about the context of the record and to related records and should consequently include the following information: unique identifying label such as name or number (or both) creating agency and/or individual whom the record was intended for (recipient) the date the record was created and/or received the level of security or sensitivity that has been accorded to the content Registration of electronic records must include additional contextual information which is discussed in greater detail in Section 4 Electronic Recordkeeping Many of the above details can be made mandatory fields in electronic records management packages such as RecFind. It is the responsibility of the Agency Administrator to select the most appropriate file and document registration number formats, file title structure and file type codes for the agency s use. This policy does not mandate the use of any particular format, structure or codes. 1.3 Policy Records must be classified by a hierarchical thesaurus which meets the conventions of ISO Agencies should use a combination of the general administrative thesaurus and an agency specific thesaurus to help consistently classify records. Their use may be automated through the use of records management software systems such as RecFind. Section 1: Creation and Control Page 9

10 1.4 Policy Record security requirements should be established at creation/registration and should include identification restrictions relating to their availability for access, use or alteration The electronic records management system used by the agency should prompt for the security classification of the record during registration. For example in RecFind the Add File and Add Document screens contain security prompts, completion of which should be made mandatory Each organisation will have unique security requirements for various records and it is the Agency Administrator s role to ensure that these are identified and used. Some considerations in regard to the sensitivity of particular groups of records include: whether or not the records contain personal information concerning individuals whether or not the records contain information which is considered commercial in confidence whether or not the records contain information which needs to be restricted to senior management Access rights and restrictions affected by Freedom of Information legislation or the Information Privacy Principles should be determined and reflected in the security designation of records. Specific restrictions or access rights established under specific legislation should also be reflected in the security designation. 1.5 Policy The physical movement of records should be documented sufficiently to ensure that physical items can be located as required All transactions relating to an individual record should be recorded in the recordkeeping system. Such transactions include registration and classification, modification, physical movements, and ultimate disposal. Section 1: Creation and Control Page 10

11 1.5.2 A log of record movements should be kept, although it is the Agency Administrator s role to determine the number of movements to be retained (RecFind allows between 5 and 99 movements to be kept for each record). Wherever possible the recording of record movements should be automated. Electronic records management systems offer several options for recording movements. The most comprehensive is the barcode facility which allows a large quantity of movements to be processed in a short space of time. All barcode systems should comply with standard 3 of 9. If an automated system is not used, reliable manual means of recording the movement of records should be maintained. For example manual updating via the File Movement module in RecFind when a record is moved could be made mandatory. In this instance all officers should be made aware of their responsibilities and trained in the use of RecFind so that they can adequately complete this task Regardless of whether the agency s hardcopy records are barcoded or not, regular location audits should take place. The physical location of all files, loose documents and other physical items should be audited and the database/movement record updated accordingly. Naturally, it is much easier and speedier to audit barcoded records, especially by using portable barcode readers. Wherever possible, location audits should include checks to ensure that records are in areas or with people consistent with their security requirements. 1.6 Policy The system used to manage records must be able to be monitored and should be monitored regularly to ensure that the identification and retrieval of information remains consistent It is the Agency Administrator s role to perform both regular and random checks of the data added to the data base. This can be done through the Audit Trail facility offered by most software packages. 1.7 Policy Mail handling procedures should ensure that mail is dealt with in a timely manner and that the flow of correspondence within individual agencies and throughout the government is as efficient as possible. Suitable resources must be devoted to this process Each agency must develop mail management procedures for both traditional paper-based correspondence and electronic mail (refer also to Section 4). Such procedures should be endorsed by the Chief Executive Officer and be widely promulgated within the agency so that all officers are aware of their responsibilities in this regard. While each agency will have varying requirements with regard to mail management the points listed below must be included and/or addressed: Section 1: Creation and Control Page 11

12 1.7.1 (a) Incoming correspondence (including that received through Australia Post, Courier Services (eg AusDoc), facilities, facsimile or by personal delivery) should be opened and registered on the records management system at the earliest opportunity. In some cases this will happen in a central registry, in others it may happen at a branch or section level, and in others by an authorised action officer. No correspondence should be forwarded for action before it has been registered (b) Although some mail is of a confidential nature (eg job applications, counselling reports etc.) it still requires registration. Therefore mail that is specifically marked personal or confidential can be opened directly by the identified person only if that person ensures that appropriate mail is registered. Non-registry officers who are likely to receive a large quantity of confidential mail (such as personnel managers) could be targeted to receive training in the registration and classification of mail. A record of unopened mail sent to any person should be kept and the addressee should be required to assert that the record has been properly registered where applicable. Alternatively such mail should be opened by a senior person (within registry if applicable) who has adequate security clearance. If this strategy is adopted all personnel should be informed that mail marked personal or confidential will be opened by other staff (c) Mail should be registered as soon as possible after it is received and certainly before it is forwarded to the relevant action officer (d) Unsolicited junk mail should not normally be registered or filed (e) The opening and registering of particular categories of documents, such as tender documents or cheques, must be carried out according to relevant central agency circulars or instructions (Refer to Treasury Instruction Remittances by Post Mail Opening ) (f) The internal distribution and collection of mail should be well planned and regular so that there is confidence in the system. This should avoid people by-passing the system, or maintaining separate (and sometimes duplicate) systems, which reduce the operating efficiency of the agency (g) Outgoing mail should be collected and despatched rapidly so that customers develop a favourable image of the organisation. All mail should be despatched within 24 hours of the date written on the correspondence. Section 1: Creation and Control Page 12

13 1.7.1 (h) In order to present a professional image and reduce queries from recipients, all officers preparing outgoing correspondence should be trained to comply with outgoing mail procedures. Such procedures should include ensuring correspondence is appropriately registered, ensuring that letters are signed, adding file reference numbers, ensuring attachments or enclosures are included, producing file copies or transferring electronic mail messages to the corporate system (refer Section 4: Electronic Recordkeeping) (i) Mail management procedures should be monitored to ensure efficiency remains high and to identify potential for improvement. Monitoring can include customer feedback and random test letters which can be followed through the distribution process to check how long each step takes. Please note that points 1.7.1(a)-(i) were adapted from Public Records Policy 5: Policies and Standards Manual: Records Management, Public Records Office of Western Australia. Acknowledgments and Referenced Documents: A Report on the Development of a Documentation Standard for Commonwealth Agencies - Proposed Theoretical Basis, Australian Archives, September 1995 Australian Standard: Records Management (AS 4390), Standards Australia, 1996 International Standard: Documentation - Guidelines for the establishment and development of monolingual thesauri (ISO 2788), International Standards Organisation, 1986 Policies and Standards Manual: Records Management, Public Records Office of Western Australia, 1992 Section 1: Creation and Control Page 13

14 Section 2: Storage Policy Status: Approved Version: 1 Date of Issue: September 23, 1996 Introduction Storage facilities should be designed to ensure the most efficient use of space, time, human resources and money and must provide appropriate levels of protection for records. The design and placement of the most suitable storage arrangements will vary according to a number of factors including the physical characteristics of the records, the expected access rate of the records, the level of security applicable to the records, the length of time for which the records need to be retained and the resources available to the agency. It is essential that these factors be considered and incorporated into an agency s ongoing storage arrangements. It is likely that an agency will have a variety of storage areas and arrangements for different records. 2.1 Policy Records must be stored in conditions which ensure that they are accessible and retrievable in appropriate timeliness for the length of time they are retained There are basic requirements which need to be met for the storage of all records whether they are stored in working-office areas or in a secondary or archival store: (a) The physical environment should be clean and free from dust. Storage areas should be swept and/or vacuumed regularly and should be kept clean and tidy (b) The records should never be exposed to direct sunlight and should be kept away from other sources of light and heat as much as is practical. Storage areas should not have outside windows. If the area does have outside windows cover them from the inside and seal the edges. Ultra-Violet (UV) filtered lighting should be used. If the records require airconditioned storage (refer to table in Appendix 1) separate air-conditioning should be available in order to maintain a constant temperature and relative humidity (the optimum temperature and relative humidity for record storage depends on the media being stored) (c) The physical environment should be free of insects and rodents. Options for regular fumigation of storage areas should be investigated. Food should never be stored or consumed in a records storage area. Section 2: Storage Page 14

15 2.1.1 (d) There should be minimal risk of damage from natural disaster such as fire, water and mould. Ensure that storage areas are adequately protected in the event of a fire or similar disaster (refer Section 5: Disaster Recovery). Also ensure areas are well ventilated to avoid the growth of mould. There must be a policy of no smoking in all records storage areas (e) It should be possible to retrieve records accurately and in a time period appropriate to the urgency of the retrieval request. Itemised indexes, registers or lists of records which include location details should be maintained and accessible to all people requiring access to records to ensure both accurate and timely retrieval. A computerised records management system (such as RecFind) is the easiest and most comprehensive way to provide this access. 2.2 Policy Records which are no longer required for day-to-day access which have been identified as having a specified temporary retention period (via a records disposal schedule) should be removed from working office areas In most cases removal to an off-site storage facility is the most costeffective option for the storage of inactive, temporary value paper records. The following storage conditions should apply in addition to the basic conditions outlined in point (a)- (e) above: (a) Records should be stored in boxes or similar packaging to protect them from light and dust. The boxes must be strong enough to withstand handling and the weight of the records they contain. Boxes should be designed to suit the particular records they will contain (ie there should be boxes suitable for files, A3 computer printouts, cards etc.). It is possible to simply bundle records together (to save time and boxes) although the inability to adequately label the bundles causes retrieval difficulties (b) The facility should provide pallet storage, shelving or cabinets which are appropriate for the record formats being stored. There should be shelving appropriate for the storage of different size boxes, maps and plans (vertical, hanging storage is preferred), large volumes, reel-toreel backup tapes etc (c) The facility may need to have air-conditioning and environmental controls to adequately protect the records. This will vary according to the format of the records and the length of time they need to be retained. Refer to Appendix 1 for further details. Section 2: Storage Page 15

16 2.2.2 (d) The facility must have fire alarm, detection and suppressant systems. There must be a policy of no smoking in all records storage areas (e) If possible the facility should be a dedicated building or area of a building used solely for the storage of records. This aids the maintenance of optimum lighting and environmental conditions and reduces the risk of unauthorised access (f) Access to storage areas should be restricted to personnel with appropriate authority. Security measures such as alarms, patrols and staff security checks should be appropriate to the content of the records. Depending on the security level of the records and the number of people accessing the records there may be a requirement to maintain a record of persons entering the building or area (g) A pest and vermin control programme should be implemented (h) To facilitate retrieval, an itemised record of the contents of the boxes should be prepared (State Records refers to these lists as consignment lists). If records are to be stored with a commercial service provider ensure, before you begin work, that the boxes and consignment lists you use comply with the provider s requirements (i) Ensure that the location of the facility and the retrieval service offered is compatible with the agency s requirements for retrieval turn-around. 2.3 Policy To ensure their longevity records which have been identified as having permanent or continuing value should be stored in conditions which satisfy minimum standards for permanent records Under the State Records Bill 1996 (section 19) records identified as having permanent value must be transferred to State Records no later than 15 years after the year in which they were created unless alternative storage arrangements are approved by the Manager, State Records. Notwithstanding the 15 year rule, agencies are encouraged to transfer permanent value records as soon as administrative use ceases. For the purposes of this policy the environmental conditions and safety standards for the storage of permanent records given in Appendix C of Australian Standard - Records Management must be adhered to before such approval will be given. Section 2: Storage Page 16

17 2.3.2 In the case of records in electronic format which are identified as having permanent value it may not be necessary or desirable to transfer to State Records. Agencies must choose between the following options: (a) Maintaining the records through migration - This option is particularly suitable in cases where transferring records to hard copy would render the records useless (eg electronic data bases where the value of the records is enhanced by searching and reporting facilities). It is the agency s responsibility to maintain both the records and the machinery needed to access them. This will mean that the data and the metadata required to make sense of the records will need to be migrated to new hardware and operating platforms as part of the upgrading process. The agency s corporate planning (including IT policies) will need to incorporate this requirement (b) Transferring records to hard copy (paper or microform) - In some instances constant migration of records may not be cost effective or practical. Records can be transferred to hard copy (paper or computer output microform) and transferred to archival storage in the normal manner. 2.4 Policy Records should be stored in conditions which take into account their physical characteristics, sensitivity, retention period and expected access rate There are basic requirements which need to be met for all records storage areas. These are outlined in points 2.1.1(a)-(e). However, the factors listed here will determine any additional or special storage requirements and must be considered when establishing storage arrangements. In general, a combination of these factors will determine the ultimate storage conditions for particular records Physical Characteristics: Records may be in a variety of formats and media including files (typically paper), loose papers, bound volumes, maps and plans, cards, photographic prints, negatives and slides, film, microform, magnetic and optical media, audio recordings and other physical objects (eg core samples). Each format or media requires protective packaging and environmental conditions that are suited to the composition and design of the records. State Records can provide advice regarding these issues or, alternatively, agencies may consult an organisation which specialises in conservation or the suppliers of the media being stored. Section 2: Storage Page 17

18 2.4.3 Sensitivity or Security: All official records should be stored in such a way as to minimise the potential for unauthorised access. However, records which have added sensitivity, for example those recording commercial interests or those relating to personal privacy, will require additional security arrangements. Once such records are identified they should be stored separately from less sensitive material. Security options include: (a) In the office area use lockable cabinets or compactus units and keep a register of persons given keys and/or authority to access the records. It may also be necessary to keep a record of who has accessed the records and when that access has taken place (b) Store the records off-site either in another building belonging to the agency or with a commercial service provider. Again, keep a record of the persons with authority to access the material and, if necessary, a record of who does access the records and when that access takes place. Commercial service providers should be willing to put into place any measures you require to restrict access to the records (c) In the case of sensitive electronic records ensure that South Australian Government Information Technology Security Standards are adhered to. The conduct of regular record audits and the use of the electronic access log to detect breaches will help maximise security efforts Retention period: One of the reasons it is so important to have all records covered by a records disposal schedule (refer to Section 3: Disposal) is to help identify storage requirements for various records. Considerations include: (a) If records are only required to be kept for a short time (anything less than about two years) it may not be cost effective to transfer the records to off-site storage prior to destruction (b) Again, if records only need to be kept for a short period, and the physical characteristics are known to last for that time period, specialised storage arrangements may not be required (c) In the case of hard copy records which are required to be kept for more than two years it is normally cost-effective to transfer them offsite as soon as day-to-day administrative use has ceased (d) Electronic records that form part of other format types (eg an electronic copy of an image or document that is part of a paper format file) will be subject to the same disposal requirements that apply to the paper record. Section 2: Storage Page 18

19 2.4.4 (e) Electronic records which have been identified as having a long retention period will require the appropriate environmental conditions for their storage. It will also be necessary to ensure that the appropriate hardware and software are maintained for the length of the retention period (f) Records identified for permanent retention as state archives will need to be treated with the highest standards of physical and environmental storage from the time they are created to ensure their longevity. Such records should be transferred to an appropriate archival storage facility as soon as practicable. NB: Agencies are referred to Australian Standard - Records Management AS Appendix C for storage conditions applicable to long term temporary and permanent records and to the Supplies and Materials Policy which appears in this manual for guidelines on the paper and folders which should be used for records identified as having permanent value Expected access rate: The optimum time to transfer records off-site will vary between agencies according to the nature of the records they use. In general, records should be transferred to secondary storage as soon as is practicable after active use ceases. That is, when immediate access for reference or additions is not critical. The key issue is managing the risk of not having the record available for immediate access should access be required. In some cases it will be of minimal importance while in others it will be critical. Agencies should bear in mind that many off-site storage providers offer extremely fast urgent retrieval options, although there will obviously be costs associated with these services (a) Example of access rate evaluation: A court record relating to a traffic offence is unlikely to be accessed once any fines have been paid and the appeal period has lapsed. It may therefore be reasonable to transfer the record to off-site storage after just two months. Even if there were to be an inquiry regarding the record, any delay accessing the record from off-site storage would be considered reasonable. Section 2: Storage Page 19

20 2.5 Policy In cases where records are stored with a commercial service provider a records storage services contract should be prepared A service provider contract should state the responsibilities and obligations of both the provider and the agency which owns the records. It should also clearly describe the service or services to be offered and the charges for each of these. Agencies are reminded to consider carefully any clauses of a contract which deal with the removal of records before the contract period expires. Agencies are referred to Australian Standard - Records Management AS Appendix D for a full list of the issues which should be covered by a records storage services contract. 2.6 Policy All records storage facilities used by an agency (including those provided by a commercial service provider) must comply with occupational health, safety and welfare requirements for manual handling and lighting Agencies should not select commercial service providers unless their occupational health, safety and welfare standards meet those outlined here Storage containers such as boxes should not be uncomfortably heavy if they are to be lifted without the aid of mechanical lifting devices. Eight (8) kilograms is an acceptable weight for boxes filled with paper Unless mechanical lifting and carrying devices (such as cherry pickers) are available shelving should not be so high as to make retrieval of items dangerous. Strongly constructed ladders with wide steps and platforms on which to rest items should be provided Personnel should be trained and encouraged to use correct lifting practices and the necessary equipment for them to do so (eg ladders, trolleys etc.) should be provided Boxes and other storage containers should be constructed of appropriately strong material. Boxes which require sticky tape or other fasteners should never be used (ie. only use boxes which are folded) Shelving should be of a suitable gauge to hold the weight expected to be stored and should never be loaded beyond this weight capacity Storage containers should not be over-packed. Approximately 2-3 centimetres of space should be left to allow easy manoeuvring and to reduce the risk of contents spilling out when removed from the shelf. Section 2: Storage Page 20

21 2.6.8 Heavy items (over 4 kg) should never be placed above waist height on shelves if they are to be lifted without the aid of mechanical lifting devices Ensure lighting in corridors and walkways is sufficient to enable visibility. Use UV-filtered lighting that travels in the opposite direction to the shelving Lighting in storage areas should cause minimal damage to records and is therefore unlikely to prove suitable for long periods of reading. Ensure separate, well lit working areas (including sorting and processing areas) are provided Do not use time controlled lighting in storage areas. Acknowledgments and Referenced Documents: Australian Standard - Records Management (As 4390), Standards Australia, 1996 Policies and Standards Manual - Records Management, Public Record Office of Western Australia, 1992 South Australian Government Information Technology Security Standards - In An Outsourced Environment, Version 1.0, Office of Information Technology, 1994 (now available through the successor agency - the Department of Information Industries) Section 2: Storage Page 21

22 Short Term (0-10yrs) Paper and microform media Short Term (0-10yrs) Magnetic media APPENDIX 1: RECORDS STORAGE CONDITIONS Atmosphere Lighting Packaging Maintenance Avoid direct light where possible Avoid severe fluctuations in temperature and relative humidity Refer to storage information supplied by distributor Use boxes or other appropriate packaging for records which are no longer in active use Keep all areas clean and free from dust Food should not be stored or consumed in records storage areas Medium (10-30yrs) Paper and microform media Medium (10-30yrs) Magnetic media Maintain constant temperature and relative humidity (optimum conditions: C, RH 50-60%) Ensure air condition filters out sulphur dioxide from incoming air Ensure there is ventilation or air flow to Refer to storage information supplied by distributor Avoid direct light Use UV filters on fluorescent lamps Outside windows should be blocked up or covered Use boxes or other appropriate packaging for records which are no longer in active use Ensure areas are cleaned regularly and free from dust Food should not be stored or consumed in records storage areas Fumigate regularly Long Term and Permanent (30 yrs + ) All media Refer to Australian Standard - Records Management AS Appendix C Section 2: Storage Page 22

23 Section 3: Disposal Policy Status: Approved Version: 1 Date of Issue: September Introduction Disposal programmes involve the appraisal, sentencing, transfer to secondary storage and ultimate disposition (where the records are either transferred to archives or destroyed) of records, and should be included in the normal business operations of the agency. The programmed disposal of records in accordance with approved disposal schedules should be as routine as the payment of invoices or the preparation of annual budgets. 3.1 Policy Disposal of official public records can only be authorised by the Manager, State Records after approval has been sought from the State Records Advisory Council (State Records Bill 1996, Section 23(1)). Authorisation is given in the form of a disposal schedule General Disposal Schedules are approved from time to time and cover many of the records commonly created by government agencies. Agencies should make use of the General Disposal Schedules (GDS) available for their particular level of government (state or local) to dispose of common administrative records For records that are unique to a particular agency an operational or functional records disposal schedule (RDS) must be prepared and approved before records can be disposed of.. The schedule should encompass all of the agency s functional records. The development of such a schedule should involve the following steps: Step 1. A survey of record holdings (include electronic records) to determine the number of record categories, the types of information contained in each category, the use or need (including potential) for this information and the links between the various categories Step 2. The appraisal or evaluation of each category according to established archival criteria to determine the length of time each category of record must be retained. NB: Broadly speaking the appraisal criteria are the relative legal, financial, administrative, evidential and historical or cultural values of the records. A more detailed description of the appraisal process which should be followed is available in Australian Standard AS Step 3. The preparation of a schedule (or list) describing each category of record, giving the retention sentence and providing a recommendation regarding the most appropriate storage site for the records at each stage of the continuum. The tasks identified in step 1 above can be carried out by suitably trained agency personnel. The tasks in steps 2 and 3 should only be carried out by archivists or in consultation with archivists. Section 3: Disposal Page 23

24 3.1.3 Disposal schedules should be reviewed regularly to ensure that they remain relevant and that all records created by an agency are covered. This should be done every five years or earlier if major changes, such as restructuring, technology changes or alterations to relevant legislation, occur within the agency. 3.2 Policy Agencies shall take all reasonable steps to reduce the cost of storing records through the implementation of appropriate disposal programmes. The disposal programme should include regular culling, transfer to secondary storage and/or archives and physical destruction of appropriate records in accordance with approved disposal schedules The disposal of records should take place on a regular basis so that storage spaces do not become overcrowded and to allow forward planning in terms of space, equipment and materials. Whether this happens monthly, annually or in some other set period will depend on a number of variables such as the size of the agency, the on-site space available, the format of the records and available resources. State Records can provide advice to agencies wishing to establish regular disposal routines Records identified for permanent retention must be transferred to State Records no later than 15 years after the year in which they were created unless the agency has made other arrangements which are suitable to the Manager, State Records (State Records Bill, 1996 Section 19) To enable maximum operating efficiency the only records which should be stored in working office areas are those which are required for frequent administrative use. Records which are accessed infrequently or those which are required to be kept for a specified period, normally called semi-active records, should be removed away from office areas as soon as immediate access is no longer critical. In high cost CBD offices the records would be transferred to more economic and spatially efficient off-site storage, while in regional and rural areas they may simply be moved away from working areas. (refer to Section 2: Storage for further information) Some consideration should be given to the format in which the records are retained, particularly where there is a large volume of records, access to off-site storage is limited or there is likely to be a high access rate. It may be more economical to transfer (or indeed create) such records to microform or implement an imaging programme. (Refer to Section 4: Electronic Recordkeeping for more information regarding maintenance of permanent records in electronic format) Section 3: Disposal Page 24

25 3.2.5 Agencies should utilise their records management software to its fullest potential which includes loading the general disposal schedule and all operational schedules into the software and adding the retention sentences to all records managed by the software. This is preferably done when the records are created. The software should provide options for listing records which have been inactive for a specified period or those which are due to be destroyed, archived or sent to secondary storage and this facility should be used regularly. The software should also have the capacity to keep track of records which have been destroyed and those which have been transferred off-site or to State Records. This function will enable agencies to comply with policy item 3.5 below Although it is recommended above that records be sentenced at creation it is important, particularly in the case of correspondence or subject files, to monitor the subject matter of records to ensure that it does not alter after the first folio is added and the file is sentenced accurately. Another reason records may need to be checked prior to disposal is that many disposal schedules require correspondence or subject files of significance (eg matters causing significant public interest), to be retained permanently and it is often not possible to determine which subjects will be significant at the time of creation. It is normal practice to review such records at the time of disposition to double check that the correct sentence is being used to dispose of the record. Such close monitoring and double checking is not normally necessary in the case of large categories of similar records such as financial batches or personnel records It is often cost effective to sort records being transferred from active work areas directly into appropriate boxes with records having similar sentences. For example, records of temporary value that are to be destroyed in 2 years should be in separate boxes to records with a 20 year retention sentence. Records of permanent and temporary value should never be transferred in the same box. 3.3 Policy All agency personnel who have dealings with records must be aware of their legal responsibilities relating to the disposition of agency records The establishment and implementation of a disposal programme within an agency should be the responsibility of the Corporate Records Manager. Section 3: Disposal Page 25

26 3.3.2 Although the bulk of the responsibility for records disposal will reside with the Corporate Records Manager, all agency personnel will need at least a basic understanding of the systems in place within their workplace and any responsibilities they may have with regard to ensuring those systems operate effectively. Policy and procedure documentation, setting out the main points to be observed by all personnel, should be prepared and provided to all employees. 3.4 Policy Agencies shall ensure that physical destruction of records will be carried out in accordance with best practice applicable to the type of record and its relative security requirements Most hard copy records should be destroyed confidentially to avoid sensitive material being left where unauthorised people can gain access. Confidential destruction means shredding, burning or pulping of material. The most environmentally responsible way to confidentially destroy records is to have them shredded and recycled When destruction is carried out by an organisation other than the creating agency ensure that: records are secure from unauthorised access at all times during pickup, transport and pre-destruction storage (this period should be minimal) it is possible for agency representatives to witness the destruction if they wish lists of boxes or items due to be destroyed are forwarded to the agency for review in cases where the records have been stored with the same commercial service provider who will perform the destruction a certificate of confidential destruction is provided NB: agencies should ensure that these points are covered by the service provider s contract if the destruction is carried out by the same provider storing the records (refer Section 2: Storage) Some records, if they are not sensitive in any way, can be disposed of with normal rubbish collections. If choosing this option, check pick-up times for bins and place material in them just prior to pick-up In the case of electronic records it is not normal to destroy the media itself, rather the information only is destroyed. Records in electronic format can only be destroyed by reformatting or rewriting which ensures that the data and any pointers in the system are destroyed. Delete instructions do not offer adequate security as data may be able to be restored or recovered. Section 3: Disposal Page 26

27 3.5 Policy Disposal must be documented in such a way as to explain the rationale for the decisions made as well as provide sufficient evidence of the ultimate disposition of all records to adequately fulfil administrative requirements Records of agency decisions regarding the approval of disposal schedules should be created and retained Annotations to entries in the records management software (or other appropriate indexes or registers) should be made when a record is transferred off-site or destroyed. As well as providing evidence of activities this process saves time spent looking for records. Acknowledgments and Referenced Documents: Australian Standard: Records Management (AS 4390), Standards Australia, 1996 Policies and Standards Manual - Records Management, Public Record Office of Western Australia, 1992 Section 3: Disposal Page 27

28 Section 4: Electronic Recordkeeping Policy Status: Approved Version: 1 Date of Issue: September Introduction In order to offer a speedier, more efficient and more informative service, many of the business transactions of government are now conducted electronically. Our clients have developed an expectation that many of the products and services offered by government agencies will (or should) be offered in electronic form. While it may improve our profile, and in some instances our profit line, to offer such electronic products and services, this technological advancement has provided unique problems for records managers. The very things that are most attractive about conducting business electronically, for example the speed with which information can be transmitted or the huge quantities of information that can be readily accessible in an electronic data base, also pose the most difficult problems for recordkeeping. The policies and practices outlined in this section address the problems unique to electronic recordkeeping including: capturing records as evidence of business transactions (as opposed to merely storing huge quantities of information electronically); maintaining the integrity and security of data; the current lack of an established culture of filing and keeping electronic records, particularly as many electronic records are created and transmitted without going through a central registry; electronic records are more likely than hard copy formats to be treated as personal records rather than corporate records; the contextual information about electronic records is not always stored in the same place as the record in the system (whereas a paper based file has contextual information on the cover and the whole record is stored together). Adoption of these policies and practices will ensure that such problems are overcome. Agencies are reminded that the policies and practices outlined in other sections of this manual are also applicable to electronic records and that electronic records are subject to Freedom of Information and the Government s Information Privacy Principles like all other records. Section 4: Electronic Recordkeeping Page 28

29 4.1 Policy The business processes and systems of each agency must operate to capture records which provide evidence of all business transactions conducted electronically and to ensure that those records retain their integrity and are accessible for the length of time they are retained Each agency must: identify all situations where records are created (or need to be created) electronically; determine what contextual information (or metadata) must be collected concerning those records in order that they fulfil evidential requirements; ensure that electronic recordkeeping systems facilitate the capture of both the records and the metadata The electronic recordkeeping systems incorporate such security measures as required to manage the content, context and structure of electronic records to ensure that records and connected metadata remain inviolate (ie they cannot be manipulated or altered) In order for electronic records to remain accessible to authorised users for as long as necessary each agency should: carry out appraisal and sentencing of electronic records before new hardware or software is installed to reduce the need for continual migration of records; ensure that all electronic records and connections between associated metadata are accessible for the length of time they must be retained (identified in a disposal schedule); ensure that where remote access is provided for, data integrity and security is maintained. Section 4: Electronic Recordkeeping Page 29

30 4.2 Policy Consideration of the maintenance and disposal of official electronic records will be incorporated into an agency s Corporate and IT planning All electronic records (including word processing documents, spreadsheet documents, data base records etc.) which are required to be kept as evidence of business transactions will be maintained for the period of time they are required (identified in a disposal schedule), taking into account the following issues: the agency s vital electronic records should be identified and treated with appropriate care (eg duplicates stored off-site, maintaining duplicate systems etc.) (refer to Section 5: Disaster Recovery for further information concerning vital records); records and metadata which are still required must be migrated to new systems when upgrades occur and provision be made in IT planning (this must include records which have been archived to disk or tape); records and metadata of permanent value must also be migrated and the agency will need to make provision for access to these records by the public when the restriction period has elapsed; backup procedures appropriate to the value of the records (including the storage of regular backup disks or tapes off-site) should be identified and implemented When electronic records are no longer required they should be destroyed by reformatting or rewriting ( delete instructions do not prevent restoration of data). 4.3 Policy Each agency will develop and adopt procedures to ensure that electronic mail messages are managed in a similar way to other mail An agency s electronic mail management (including , voice mail, electronic faxes etc.) procedures should form part of its overall mail management procedures and should be endorsed by the Chief Executive Officer (see also Section 1, clause 1.7.1). The procedures relating to electronic mail management must: include guidelines for the use of messaging systems; formalise each person s responsibilities; take into account the unique qualities of electronic mail (versus traditional paper-based mail) The procedures should address the following issues: Section 4: Electronic Recordkeeping Page 30

31 4.3.1 (a) Electronic messaging systems are far more likely to be used for the sending of personal messages than formal paper-based correspondence systems. Therefore, electronic mail management procedures must first allow for the weeding out of personal messages which include: those that do not directly relate to the conduct of the agency s business; notices or invitations to attend meetings or functions; messages which perform a similar function to an informal telephone call; those containing copies of information for the recipient s interest (b) Those messages which must be treated as official records (because they provide evidence of business transactions) must be treated in the same way as other corporate records and will therefore require filing of some sort. Options include: Printing the record, with its associated contextual information or metadata (sender s name, addressee(s), time and date sent, details of linkages to other records such as attached word processing documents or spreadsheets, security classification etc.), and registering and filing it in the appropriate paper-based file. Ensuring that the record (with its associated metadata) is captured in the appropriate corporate electronic file. The record must also be registered according to agency procedures. An electronic records management software system such as RecFind can manage such records in the same way details of more traditionally formatted records are managed (c) Electronic messaging systems must be set up in such a way as to offer the same security as traditional paper based systems. Messages should be inviolate, ie they cannot be manipulated or altered The electronic mail management procedures must be forwarded to all personnel with access to electronic mail facilities and appropriate training provided to enable them to fulfil their obligations. Further Assistance Agencies are referred to the South Australian Government Information Technology Security Standards (originally published by the Office of Information Technology but available from the Department of Information Industries) for more information regarding security of electronic data. Section 4: Electronic Recordkeeping Page 31

32 Referenced Documents: Australian Standard: Records Management (AS 4390), Standards Australia, 1996 Corporate Memory in the Electronic Age - Statement of a Common Position on Electronic Recordkeeping, Australian Council of Archives, 1996 Documenting the Future: Policies and Strategies for Electronic Recordkeeping in the New South Wales Public Sector, Archives Authority of New South Wales, 1995 Electronic Evidence: Strategies for Managing Records in Contemporary Organisations, David Bearman, 1994 Electronic Records: An Investigation Into Retention, Storage and Transfer Options, Library and Information Service of Western Australia, 1993 Guidelines for the Management of Electronic Records, Department of Premier and Cabinet (Tasmania) and the Archives Office of Tasmania, 1995 Management of Electronic Documents in the Australian Public Service, Information Exchange Steering Committee, 1993 Section 4: Electronic Recordkeeping Page 32

33 Section 5: Disaster Recovery Policy Status: Approved Version: 1 Date of Issue: September Introduction A disaster recovery plan will provide your organisation with a detailed set of procedures to follow in the event of an accident, emergency or disaster. The aims are to minimise the need for difficult decision making in high pressure situations, to prevent or minimise the loss of important records, to facilitate the recovery of important records and to ensure minimal disruption to business operations and services. This policy describes the process involved in preparing a disaster recovery plan and gives an overall picture of the contents of a typical plan. Each agency s plan will vary according to a variety of local factors including building location, the number and type of services provided by the agency, the resources available in the local community, the size of the agency and the risk assessment conducted by the agency. This policy also recommends strategies which aim to help agencies prevent the occurrence of disasters within their organisations. 5.1 Policy Each agency will take all reasonable steps to ensure that their records are at minimal risk of damage or loss due to accident or disaster There are a number of preventative measures that should be incorporated into standard operational practices. Many such measures are included in Section 2: Storage while others are listed here (a) Have a building/site inspection carried out and ensure it covers such things as: the age of the building and whether or not previous damage has been caused to the building (eg. flooding) and, if so, whether the causes have been eliminated; the condition of the roof (including guttering) and the state of the electrical wiring - is preventative maintenance appropriate?; the presence of fire detection devices and automatic sprinklers; the location and condition of water carrying pipes; the location and condition of windows; the presence and condition of fire doors; the type of air conditioning used; Consideration should also be given at this time to the general location of the building taking into account such factors as: proximity to emergency services and/or assistance providers; hazards presented by neighbouring facilities (eg chemical storage) (b) Do not store records in basements or lower levels; if you must do so Section 5: Disaster Recovery Page 33

34 temporarily raise the records from the floor using shelving or pallets (c) Use metal shelving for records storage to help prevent the spread of fire (d) When records are no longer required for day-to-day access store them in boxes or other containers which helps prevent both the spread of fire and water damage (e) For fragile and un-boxed records it might be necessary to have elastic cords on the front of shelving to prevent the records falling during storms or structural damage to the building (f) Make duplicates of vital records (see step 2 of item below) and store the duplicates off-site (g) Ensure that there are adequate numbers of appropriate fire extinguishers and that staff are trained how and when to use each type (h) Have regular evacuation drills to ensure that staff are aware of the procedures involved (i) Make the necessary special arrangements for your records during times of increased risk such as building renovations. 5.2 Policy Agencies will develop and maintain a disaster recovery plan which details all procedures to be followed in the event of a disaster. The plan will include all information necessary to implement the procedures There are a number of steps involved in preparing and maintaining a disaster recovery plan and these are outlined below: Step 1: Identify all potential threats to your organisation and conduct a realistic assessment of the probability and consequences of each incident. Threats include natural hazards such as rain, hail and flood damage; man made hazards such as fire, explosion and structural damage; criminal activity such as theft, vandalism, arson and sabotage; power surges or other systems failures. Step 2: Develop a list of your organisations vital records which includes details of location, format and quantity of these records. Vital records are defined in Keeping Archives as those records that are essential for the ongoing business of an agency and, without which the agency could not continue to function effectively. Step 3: Form a committee or working party of key personnel who will be responsible for developing the plan and who will form the nucleus of your disaster response team. Section 5: Disaster Recovery Page 34

35 Step 4: Develop the plan. Consult as widely as possible including with people outside your organisation who you might rely on to perform a specific service or function in the event of an incident. For example: Police Fire Service ETSA response team tradespeople conservators (refer below) salvage organisations organisations with commercial freezers (refer 5.3.2(b) below) systems support organisation(eg EDS and/or applications support providers) systems back-up support (eg back-up computer systems) organisations in your building/neighbourhood who have disaster planning requirements of their own Circulate the plan for comment and suggestions. The Police and Fire Services will need to be consulted about the need for experts to gain access to otherwise sealed areas to assess the damage and identify risks in the event of a disaster. Discuss how such people will be identified (eg badges, uniform markings etc.) and include these details in the plan. Step 5: Once the plan is finalised circulate it to all personnel and ensure they have the skills and knowledge to perform any specific tasks assigned to them. Provide training where necessary. Also provide copies of the plan to external organisations who might be expected to perform some service or function in the event of an incident. Step 6: Ensure the plan remains up to date by reviewing it regularly. Make sure that: any preventative aspects of the plan are being carried out; that the people assigned to specific tasks are still employed by the agency or external support provider and are aware of their responsibilities; that the disaster preparedness store is fully stocked and that recovery infrastructure (eg commercial freezers) are still in operation that the plan is relevant to the current requirements and resources of the agency. Section 5: Disaster Recovery Page 35

36 5.2.2 The plan should contain the following information: procedures for the identification and declaration of a disaster, including details of level of emergency or disaster where applicable the names and contact details (including after hours numbers) of all people/organisations with responsibility for the implementation of some part of the disaster recovery plan. Include agency officers, emergency services people, tradespeople, technicians, suppliers of materials and equipment etc. location details for all materials and equipment which might be necessary for salvage and recovery a list of the agency s vital records, giving their location a list of other important or vulnerable records in priority order instructions and necessary technical information for the first stage of handling of damaged material, including procedures for all the different incidents identified during the risk assessment and a list of things which should not be done to records in case further damage is caused suitable arrangements for the leasing or hiring of accommodation, computers and other office equipment and temporary staff which would be required in the event of a major disaster Immediate access to a disaster recovery kit will help contain the extent of damage. Agencies located in or near the central business district may find it cost effective to contribute to a central disaster preparedness store containing sufficient stocks of equipment and materials to address most needs (a) Agencies that are not well placed to take advantage of such a store should either make up their own disaster kit or cooperate with other local agencies to establish a shared disaster kit (b) As a guide the kit should contain the materials and small equipment you are likely to need during the first few hours of an emergency (c) Responsible officers should be aware of the use to which recovery materials should be put and be aware of the basic techniques used to minimise the effect of disasters and protect important records against further damage (d) Ensure all personnel know where the kit is located and what is contained in the kit (e) Ensure that the kit is kept well stocked by assigning someone the task of checking it regularly. Section 5: Disaster Recovery Page 36

37 5.2.3 (f) Staff should be made aware that the kit is not a de facto supply store and should be discouraged from taking materials from the kit for any reason other than an emergency (g) Small items should be kept together so that they can easily be moved to the location of the incident (use a tool box or clean, 240 litre mobile bin).where it is impractical to keep bulk supplies or large equipment ensure that a list of suppliers is included. A list of the items which might be included in a disaster kit is provided below: (h) a list with the names and contact details (including after hours numbers) of all people/organisations you will need to contact immediately including those who will be required to assess the safety of the building before you access it keys or directions where to find all building keys including those to fire panels, valve rooms, air conditioning plants etc. a plan of the building showing, if possible, the areas to receive priority attention paper towels mops, brooms and buckets sponges freezer paper plastic pegs garbage bags stationery - include labels, pencils, scissors, tape, clipboards, markers, plastic string, plastic paper clips, staple removers first aid supplies torches electrical and plumbing tape wire basic tool kit - include claw hammer, pliers, spanners, screwdrivers plastic crates hard hats overalls / dust coats dust masks rubber boots gloves - include several types such as cotton, rubber and leather working gloves wet/dry vacuum cleaner electric fans extension cords bulk supplies of blotting paper, blank newsprint and polythene sheeting Section 5: Disaster Recovery Page 37

38 5.3 Policy In the event of an accident or disaster agencies will take all reasonable steps to ensure records are conserved according to current best practice There are a number of organisations which specialise in record salvage and conservation and expert advice should be sought as soon as practicable after a disaster has been declared. Ensure you have current contact information for these organisations and that they are aware of your disaster recovery needs Always seek professional advice regarding the conservation of damaged records both while preparing your plan and after a disaster has occurred. The list below contains some very basic conservation advice mainly relating to water damaged records which should ensure that further damage to records is not caused during recovery exercises. Naturally the treatment will depend on the size of the incident. Remember to keep a record of where the records have been moved, especially if they are moved off-site for freeze-drying or similar conservation (a) Prevent the development of mould and bacteria to paper records by ensuring the recovery areas are well ventilated and remain at a constant humidity. Use cool air fans and any natural ventilation. Use blotting paper or other absorbent paper to interleave pages (b) With larger quantities of paper records it is possible to use freezedrying. Records should be wrapped in plastic then frozen at a temperature of -21 C or lower (preferably in a commercial blast freezer). Records can be frozen indefinitely until the time and resources are available to dry them (c) Non-paper records (including photographs, microform, tapes but excluding computer disks) should be washed under running water and immersed in clean water pending attention by expert conservators (which should take place within 48 hours of the incident) (d) Where mould growth has already occurred clean the mould in a separate area which can be isolated from air-conditioning ducts. Always use gloves and masks. An expert should be consulted before fungicides or other chemicals are used. Section 5: Disaster Recovery Page 38

39 Further assistance State Records provides agencies with advice regarding the preparation of disaster recovery plans and offers alternative storage options for both vital records and salvaged material. Artlab Australia offers a comprehensive planning and management service and provides a variety of consulting services including the formation of recovery teams, movement of salvaged material and the management of recovery operations. Acknowledgments and Referenced Documents Australian Standard: Records Management (AS 4390), Standards Australia, 1996 Avoiding Disaster at the Norfolk Record Office, Mark Hingley in Journal of the Society of Archivists, Vol. 17, No. 1, 1996 Disaster Recovery, George Smith, 1995 (paper presented to Records Management Association of Australia Seminar Records & Risk, Adelaide, June 1995) Keeping Archives (2nd Ed), The Australian Society of Archivists, 1993 Section 5: Disaster Recovery Page 39

40 Section 6: Ownership Policy Status: Approved Version: 1 Date of Issue: September Introduction In recent years the issue of ownership and control of public records has become an increasingly difficult one to monitor. One of the most significant changes occurring within the public sector at the moment is the contracting out (or outsourcing) of a variety of operations and services. Coupled with this is an increase in the outright sale of some public assets. The effect of these processes on records management within the public sector is pronounced and this policy addresses the issues which arise in contracting and sale situations. The policy also addresses other ownership issues including the definition of corporate records, the fate of personal records created or kept by public servants, and the matter of working papers and drafts. Some of these matters are raised in the State Records Bill but are explained in more detail in this statement. Note that the Electoral Office records and Parliamentary Office records of Members of Parliament are not covered in this section as a separate section dealing with those records will be prepared. 6.1 Policy All records which are made or received by an agency, or an individual employed by the agency, during the conduct of the agency s business are corporately owned by the agency and, consequently, are subject to the recordkeeping practices and procedures of the agency All records created or received by the agency, or individuals employed by the agency, during the transaction of the agency s business are considered corporate records and must be incorporated in the corporate recordkeeping systems of the agency (refer Section 1: Creation and Control). Although there are certain situations where operational requirements demand working or reference copies of records, individuals should generally be actively discouraged from maintaining separate or duplicate records or recordkeeping systems In many cases individuals or sections maintain separate or duplicate systems because they have no confidence in the corporate system. Accordingly the agency must implement the policies outlined in this manual and adopt appropriate supplementary procedures to ensure that the corporate system does work effectively and that staff develop confidence in that system. Section 6: Ownership Page 40

41 6.1.3 There are a number of situations where separate or duplicate recordkeeping systems are commonly maintained throughout government. These include: the offices of the Chief Executive Officer and other senior personnel; officers or groups of officers with responsibility for case files; remote offices and/or branches. The Corporate Records Manager should identify these and other situations peculiar to the agency. Individuals or sections concerned must be informed of the corporate practices and procedures relating to recordkeeping and be sufficiently trained to fulfil their obligations A small quantity of records created or received by public servants is considered personal records. These include drafts or working papers which are not for further use or reference. Such records do not need to be incorporated into corporate recordkeeping systems. Note that the records falling into this category are minimal and do not necessarily include mail received marked personal and confidential. 6.2 Policy When an agency contracts out an operation or service the contractual agreement must include a consideration of recordkeeping issues In situations where the agency remains responsible for the overall coordination of the operation or service or; an asset will or may revert to the crown at the expiration of the contract or agreement or; the agency is likely to need access to information kept by the service provider; the following conditions should apply and should, where applicable, be incorporated into the service agreement or contract: (a) The agency must stipulate the records and/or information the service provider must create or collect to enable the agency to fulfil its obligations (b) Any records or information created, collected or maintained by the service provider at the specific request of the agency must be created, collected and maintained in compliance with the Government s Information Privacy Principles. Section 6: Ownership Page 41

42 6.2.1 (c) Any records or information created, collected or maintained by the service provider at the specific request of the agency must be created, collected and maintained in compliance with the recordkeeping standards, policies, guidelines and practices issued or endorsed by the agency. This includes the retention and disposal of records according to approved records disposal schedules. The service provider should not have a lien over the records or the information (d) The agency must stipulate the manner in which records are to be created and maintained if that manner is likely to impact upon the agency s ability to fulfil its obligations (e) The service provider and the agency must come to an agreement regarding access to records created or maintained by the provider and should formalise this agreement in the service contract. Issues to consider include: who will be able to access the records; at what times access will be provided; whether copying and/or borrowing of records will be allowed; who will pay any costs incurred for maintenance, retrieval and disposal of records etc (f) The service provider must provide the agency with records (originals or copies depending on the agency s requirements) and/or lists of records to enable the agency to fulfil its obligations (g) Where the service provider wishes to store records off-site they must be retrievable with sufficient accuracy and timeliness so as not to negatively affect the agency s ability to meet its obligations and customer service goals (h) Where the service provider wishes to store records off-site and is ultimately required to give the records to the agency, the agency should be involved in the selection of the off-site store and the manner in which records are stored, listed etc. 6.3 Policy When a government agency or part thereof is sold, the sale agreement will include a consideration of recordkeeping issues The following issues should be considered during sale negotiations and, where applicable, be formalised in the sale agreement: (a) All records created by the agency prior to the sale remain the property of the government unless approval to transfer ownership has been given by the State Records Council (b) If there are records which are identified (in a disposal schedule) as having permanent value to the State of South Australia they should not be loaned, and cannot be given, to the purchaser. If the purchaser has a requirement to access such records, arrangements for copying or other access should be made prior to the sale (c) The agency must consider issues of privacy, security and commercial confidentiality when making arrangements to loan or give records or copies of records to the purchaser of the asset. Section 6: Ownership Page 42

43 6.3.1 (d) Any records or groups of records, the contents of which cannot be divulged (eg records containing information that is considered commercial in confidence), should be specifically excluded in the sale agreement (e) Records which are to be loaned to the purchaser (ie they will ultimately be returned to the government) should be itemised and a time period for the loan must be formally included in the sale agreement (f) Records which are given to the purchaser (after approval has been obtained from the State Records Council) and are subsequently time expired and to be destroyed by the purchaser should be destroyed in accordance with the confidential destruction guidelines set out in this manual (refer to Section 3: Disposal) (g) The agency should make formal arrangements for access to any records loaned or given to the purchaser which the government might reasonably expect to require access to following the sale (eg financial records, personnel records, contracts and tenders, workers compensation records etc). The arrangements should include a consideration of how long the records will be retained by the purchaser, who will be given access to the records, whether copying and/or borrowing of records will be allowed and who will pay any retrieval expenses incurred in gaining access (h) The agency must make storage, access and retrieval arrangements for any records not required by the purchaser but which the government is required to keep for a specified time period. If the entire agency is to be sold, the agency must nominate an owner within the government who will be responsible for granting access to the records and paying any outstanding storage and destruction costs (i) Any records not required by the purchaser or the government should be destroyed prior to the sale, subject to relevant disposal schedules The recordkeeping issues which arise during the sale of a government asset can be complex. Advice regarding them should be sought from the Crown Solicitor s Office and State Records as early as possible during sale negotiations to enable the issues to be resolved satisfactorily. Section 6: Ownership Page 43

44 Index This is a combined index to all sections of the manual. References are to clause numbers not page numbers. Access in outsourcing situations (e) in sale situations (g) security storage (e) to storage areas (f) Agency Administrator audit trails movement of records numbering formats security levels Audit Trails Barcodes movement tracking 1.5.2; Creation and Control audit trails electronic records 4.1 Freedom of Information legislative requirements 1.1.2; mail handling 1.7 movement 1.5 numbering formats Privacy Principles registration 1.2 security 1.4 sentencing situations in which to create records State Records Bill thesaurus 1.3 Confidential Mail (b) Contracts/Agreements outsourcing of services/assets 6.2 sale of agency/assets 6.3 storage/retrieval/destruction 2.5.1; Corporate Records Crown Solicitor s Advice sale of assets Destruction 3.4 Disaster Prevention refer to Disaster Recovery Index Page 44

45 Disaster Recovery building/site inspections (a) conservation plan - contents plan - preparation prevention 5.1 recovery kit salvage/recovery procedures 5.3 Disposal culling destruction 3.4 documenting 1.5.1; 3.5 movement of records off-site 3.2.3; programmes 3.2 schedules sentencing staff responsibilities 3.3 State Records Bill 3.1 refer to Electronic Mail Electronic Mail management procedures 4.3 official messages (b) personal messages (a) security (c) see also mail handling 1.7 Electronic Recordkeeping creation 4.1 destruction 3.4.4; maintaining access 4.1.3; migration 2.3.2; permanent records 2.3.2; problems associated with Section 4 Introduction security 2.4.3; 4.1.3; (c) vital records Freedom of Information creation security General Disposal Schedules Mail Handling procedures 1.7 see also electronic mail management 4.3 Movement of records documenting physical movement 1.5 Numbering Formats file and document Occupational Health, Safety and Welfare 2.6 Off-Site Storage refer to Secondary Storage Index Page 45

46 Outsourcing agreement/contract copying/loaning of records (e) (f) records to be created by service provider Ownership corporate records outsourcing 6.2 personal records sale of agency/assets 6.3 Permanent Records electronic records 2.3.2; sale of agency/assets (b) storage conditions 2.3 State Records Bill 2.3.1; transfer to State Records/archival store Personal Records Privacy Principles creation outsourced services (b) security RecFind disposal electronic mail (b) movement tracking off-site storage (e) registration of records retention periods security of records Registration creation 1.2 Sale (of agency/assets) copying/loaning of records (c); (e) handover of records (d); (f) permanent records (b) Secondary Storage conditions 2.2 identification of records suitable service provider contracts Security access to records creation 1.4 electronic records 2.4.3; electronic mail (c) sale of agency/assets (c) storage Sentencing State Records Bill creation of records disposal of records 3.1 permanent records 2.3.1; Index Page 46

47 Storage access - to records (e) access - to storage areas (f) access rates boxes and containers (a); conditions - all records 2.1.1; 2.4 conditions - secondary storage conditions - archival storage 2.3 consignment lists (h) disaster prevention (d); 5.1 environmental controls Section 2 Appendix 1 manual handling 2.6 occupational health, safety & welfare 2.6 outsourced services (g) (h) permanent records 2.3; (f) retention period retrieval (e); (h) sale of agency/assets (h) security service provider contracts Thesaurus classification 1.3 Vital Records electronic records identification of Voice Mail refer to Electronic Mail Index Page 47