Records Management Security of University Records Procedures



Similar documents
Information Privacy Policy

Governance Document Management Framework

Records Management Policy

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

CORPORATE RECORDS MANAGEMENT POLICY

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

Research Data Management Procedures

OFFICIAL. NCC Records Management and Disposal Policy

Staffordshire County Council. Records Retention and Disposal Policy

Edith Cowan University. Document and Records Management Procedure. Safety and Employment Relations..

Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

Records and Information Management. General Manager Corporate Services

COUNCIL POLICY R180 RECORDS MANAGEMENT

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Mobile Telephony Devices Acquisition and Usage Procedures pro-055 Version: 1.01

Council Policy. Records & Information Management

Corporate Records Management Policy

Territory Records (Records Disposal Schedule Disaster Recovery (Human Services) Records) Approval 2005 (No 1)

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

Records Management Standards. Records Management Standards for Public Sector Organisations in the Northern Territory

Information and Compliance Management Information Management Policy

TOWN OF COTTESLOE POLICY MANAGEMENT

ANU Electronic Records Management System (ERMS) Manual

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

AS/NZS 4801:2001. Safety Management Systems (SMS) Self-Assessment Checklist. Revision 1 (January 2014)

Greater London Authority Records Management Policy

All staff at Ara, including full and part-time permanent, temporary and contracting staff

Pocket Guide to Clinical Risk Management

RECORDS MANAGEMENT POLICY

Information Management Advice 50 Developing a Records Management policy

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Information Management Advice 4 Managing Electronic Communications as Records

Records Management Policy

RECORD MANAGEMENT STANDARD OPERATING PROCEDURE (SOP)

Information Management Policy

OH&S MANAGEMENT SYSTEM CHECKLIST - AS 4801:2001 (STATUS A = Acceptable; N = Not Acceptable; N/A = Not Applicable)

RECORDS MANAGEMENT POLICY

ARMAGH CITY, BANBRIDGE AND CRAIGAVON BOROUGH COUNCIL GPRC/P4.0/V1.0.

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Psychologist s records: Management, ownership and access. APS Professional Practice

Records and Document Management

Data Governance. Policy FINAL (Approved)

Cloud Computing and Records Management

CCG: IG06: Records Management Policy and Strategy

ADRI. Statement on the Application of Digital Rights Management Technology to Public Records. ADRI v1.0

Scotland s Commissioner for Children and Young People Records Management Policy

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

State Records Guideline No 25. Managing Information Risk

Information Circular

Records Management Policy

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Digital Continuity Plan

Records Management Policy

Guideline 1. Cloud Computing Decision Making. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013

RECORDKEEPING MATURITY MODEL

Parliamentary Information & Records Management Policy (v3.0) 2014

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Using the Off-Site Storage Facility for Physical Records - v03. Records Manager

Chester Beatty Library Records Management Policy

Guide 4 Keeping records to meet corporate requirements

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

16 Electronic health information management systems

Records Management plan

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

An Approach to Records Management Audit

Job Number: ROLE DESCRIPTION

Qualification details

Information and records management. Purpose. Scope. Policy

Records Management Policy

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Management and Data Storage Policy. Version 1.4

Document and Record Control Procedures

Public Records (Scotland) Act Healthcare Improvement Scotland and Scottish Health Council Assessment Report

FWBC Records Management Policy TRIM Records. Version 1.0. October 2012

How To Manage Records And Information Management In Alberta

Privacy and Cloud Computing for Australian Government Agencies

Implementing an Electronic Document and Records Management System. Key Considerations

DATA PROTECTION POLICY

University of New England Compliance Management Framework and Procedures

State Records Guideline No 15. Recordkeeping Strategies for Websites and Web pages

information Records Management Checklist business people security preservation accountability Foreword Introduction Purpose of the checklist

Records Authority. Department of Health Private Health Insurance

Records Retention and Disposal Schedule. Information Management

Life Cycle of Records

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI v1.0

Records management policy. Document author Assured by Review cycle. Audit and Risk Commitee. 1. Introduction Purpose or aim Scope...

5.3. CQUniversity records and information will be captured and managed within one of the following corporate systems:

INFORMATION SECURITY INCIDENT REPORTING POLICY

4 NUMBER 004 Policy Data base Document Reference Number P

Records Management Checklist. preservation. accountability. information. security. peoplep. A tool to improve records management

RECORDS MANAGEMENT POLICY MANUAL

BSBRKG403B Set up a business or records system for a small business

Information Governance Framework. June 2015

Complaint management policy About this policy

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

Information Governance Policy

Management of Official Records in a Business System

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Information Governance Strategy & Policy

Transcription:

Records Management Security of University Records Procedures pro-064 To be read in conjunction with: Records Management Policy Version: 2.00 Last amendment: Nov 2014 Next Review: Nov 2016 Approved By: Vice-Chancellor Date: 19 Sep 2012 Contact Officer: Manager, Records and Archives, ITMS All procedures are intended to give further details to information contained in a particular piece of legislation, policy, code or agreement and must therefore be read in conjunction with them. INTRODUCTION Commonwealth and Northern Territory Government legislation requires that all members of the University community are responsible for proper records management and must contribute to the corporate memory through compliance with University Records Management policies, procedures and guidelines. The security of University records refers to the practice of creating, storing, using and making records available securely, with due regard to permitting access to those members of the University community with a genuine need to know the information contained within the records and who have the proper authority to access them. INTENT This document applies to all members of the University community. It is intended to identify what issues should be considered with regard to the security of a University record. RELEVANT DEFINITIONS In the context of this document: Archiving means the process of taking records that are no longer actively utilised and separating them from active records. For hard-copy records this usually means moving them to an offsite storage facility. For digital records archiving may involve updating the status, moving the record to a separate data storage medium or compression of the data; Metadata means key information identified about a record and used to discover and identify records; Record means: Recorded information in any form (including data in a computer system) that is required to be kept by a public sector organisation as evidence of the activities or operations of the organisation, and includes part of a record and a copy of a record; and/or Information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business; Register means Register of Systems Approved for the Management of University Records; Contact Officer: Manager, Records and Archives, ITMS Page 1 of 5

Security Classification means a structured approach to manage access to records by members of the University community who have the appropriate authorisation to do so; and University Community means a staff member, authorised visitor or contractor to the University PROCEDURES University records must be kept secure to prevent inappropriate access by persons without correct authorisation and potential misuse. To ensure this is possible, records must be kept in an approved system listed on the Register of Systems Approved for the Management of University Records (henceforth known as the Register) and managed consistently and systematically. Approved Systems for Security of University Records All systems on the Register must have workflow processes in place to ensure records are kept secure, including but not limited to: Secure login credentials and processes around access to the approved system; and Additional levels of security may be applied to specific records within the system. This includes both electronic records and metadata relating to hard-copy records. This is referred to as access control, with the level of access being identified by a security classification. Access to these restricted records is limited to a subgroup of authorised people. These workflow processes must be reviewed regularly to ensure that the level of access granted to staff remains appropriate. Security of Hard-Copy Records To ensure that hard-copy records being held within the University community are retained securely, the University community must: Capture the records in line with the Records Management - Capturing University Records Procedures; and Ensure records are stored in line with the security classification of the approved records management system for that record. University records must not be able to be physically accessed by people who do not have access to the systems in which they are stored. Alternatively records must be forwarded to the Records and Archives branch for secure long-term storage. Access to archived hard-copy records must be requested through the University s Records and Archives branch. The Records and Archives branch must ensure enforcement of the appropriate security restrictions when accessing records from archive storage. Freedom of Information If a request for freedom of information (FOI) is made that involves a University record, the assessment on whether the information within the record/s is pertinent to the request, must be assessed in accordance with the Information Act 2002 (NT). The Information Act does not recognise security classification as a justification for withholding information. Freedom of information requests are managed by the Governance Branch. Contact Officer: Manager, Records and Archives, ITMS Page 2 of 5

Review of Security Classification Records must be allocated security classification appropriate to the content. Members of the University community must have uninhibited access to the records that they require to undertake their work. This will avoid security classifications being ignored or over-ridden because they are inappropriate. If a member of the University community considers that the security classification of a record is inappropriate, a request must be raised with the person/s responsible for maintaining the record, to review the classification. Records and Archives Branch The Records and Archives branch is responsible for ensuring that processes and tools are in place to confirm that University records are kept securely by all members of the University community. The Records and Archives branch of the University is responsible for: Managing the University s Electronic Document and Records Management System and the administration of that system; Assessing systems and work processes for managing University records; Maintenance of the Register of Systems Approved for the Management of University Records; Conducting regular auditing on records management processes across the University; Managing the storage of archived, hard-copy University records; Developing and reviewing University Records Disposal Schedules; Managing the application of retention and disposal of University records; and Providing advice on how to implement new processes that involve the management of University records. ESSENTIAL SUPPORTING INFORMATION Internal Information Privacy Policy Records Management - Capturing University Records Procedures Records Management - Discovery of University Records Procedures Records Management - Retention and Disposal of University Records Procedures Records Management Policy External AS/NZS ISO 23081.1:2006 Information and documentation Records Management Processes - Metadata for Records AS/NZS ISO 13028:2012 Information and documentation Implementation guidelines for digitization of records AS/NZS 1015:2011 Australian/New Zealand Standard Records Management Physical Storage Contact Officer: Manager, Records and Archives, ITMS Page 3 of 5

Information Act 2002 (NT) Privacy Act 1988 (Commonwealth) Records Management Standards for Public Sector Organisations in the Northern Territory Contact Officer: Manager, Records and Archives, ITMS Page 4 of 5

Document History and Version Control Version Date Approved Approved by 1.00 19 Sep 2012 Vice- Chancellor Brief Description Creation of original document and posting to CDU website. 1.01 17 Jul 2013 Governance Assigned document number Converted document to current template Updated and added hyperlinks Minor changes to wording, grammar and formatting 2.00 05 Nov 2014 Vice- Chancellor Undertake biennial review of Records Management Procedures suite of documents Update Privacy Policy to Information Privacy Policy Contact Officer: Manager, Records and Archives, ITMS Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information