View Current

Records Management Policy

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose of Policy

(1) The University of Wollongong (UOW) is required to comply with the State Records Act 1998 and associated regulations, standards, policies, and guidelines to ensure full and accurate records are created, captured, and managed for all UOW business activities.

(2) The purpose of this Policy is to outline responsibilities and compliance controls regarding records management, with the objectives of:

  1. identifying the responsibilities of the University, its staff and affiliates to comply with the requirements of the State Records Act 1998;
  2. contributing to the development and continuous improvement of efficient and effective records management at the University;
  3. ensuring that full and accurate records are created, captured and managed for all University business activities and business transactions;
  4. ensuring that records are appropriately made available to eligible stakeholders; and
  5. ensuring that disposal of records is undertaken in a controlled and compliant manner.
Top of Page

Section 2 - Application and Scope

(3) This Policy applies to all records created, received, or managed by UOW that relate to business activities at the University. They include but are not limited to, records relating to students, staff and affiliates, research activities, governance, buildings, and maintenance as well as financial records.

(4) It applies to all University business applications, including dedicated systems, databases, email, voice, instant messaging, and social media applications across all platforms whether managed in-house, off-site or cloud based.

(5) This Policy applies to all University staff and affiliates.

(6) A breach of this Policy may constitute misconduct pursuant to University Codes, Policies, Guidelines, and may be subject to disciplinary action.

(7) This Policy does not apply to UOW’s controlled entities. UOW’s controlled entities have their own policies and procedures for the management of records.

Top of Page

Section 3 - Policy Principles

(8) The University is committed to establishing and maintaining records management practices that achieve appropriate and ongoing management of its valuable assets to meet compliance obligations, advance UOW’s strategic priorities, support accountability requirements and satisfy stakeholder expectations.

(9) Management of University records is based on the following principles:

  1. Organisation takes responsibility for records management. To ensure records are able to support all corporate business operations, organisations should establish governance frameworks. These include Policy directing how records shall be managed, assigning responsibilities, establishing provisions for records outsourcing and service delivery arrangements, and monitoring records management activities, systems, and processes.
  2. Records management supports business. The core role of records management is to ensure the creation, maintenance, usability and sustainability of the records needed for short and long-term business operations. 
  3. Records are well managed. The effective management of records underpins trustworthy, useful, and accountable records which are accessible and retained for as long as they are needed.
Top of Page

Section 4 - Records Management Program

(10) The University is required to establish and maintain a program that satisfies the requirements of the State Records Act 1998 and any associated policy documents.

(11) The University’s program covers recordkeeping best practice across the following categories:

  1. people and governance – risk, responsibility, strategy, policy, capability, monitoring;
  2. systems and business – security, accessibility, quality, use, and design; and
  3. effective records management – create, store, retain, dispose, transfer, and access.
Top of Page

Section 5 - Ownership, Custody and Control of UOW Records

(12) All records created or received by staff or affiliates, in the course of the University’s operations and activities, are owned by the University unless otherwise specified under contract. Regardless of the ownership of records, any record created, accessed, and or stored by the University must be managed pursuant to this Policy.

(13) Records identified as state archives are required to be transferred into the custody of the Museums of History NSW when no longer required for the University’s business activities.

(14) UOW Archives, within the UOW Library, will retain both custody and control of historical records assessed as having continuing value in accordance with the Library Collections Policy.

Top of Page

Section 6 - Creation of Records

(15) The University is required to ensure that records are routinely created as part of normal business practice. Examples include:

  1. approvals or authorisations of University actions;
  2. signifies a policy change or development;
  3. commits the University to an arrangement or business deal;
  4. contains advice or provides guidance for people inside or outside of the University ; and
  5. requires an action by the University.

(16) Records that are created must be reliable and trustworthy, identifiable, retrievable and accessible. This is achieved through the application of adequate metadata.

(17) To preserve the integrity of the University’s records, no additions or alterations shall be made to an existing record. If additions or alterations are required, a subsequent record is to be created and added to the record using consistent metadata.

(18) Records should be created and stored only once and should be shared between appropriate parties in a secure and controlled manner.

Top of Page

Section 7 - Storage of Records in Business Systems and Databases

(19) The University is required to ensure that records management is a designed component of all systems and service environments where business is undertaken. The University’s PIA and RIA tools are available to assist staff and affiliates in the consideration and assessment of business systems.

(20) All University records must be stored in a University approved system that:

  1. is able to manage the required retention period and disposal process; and
  2. appropriately protects records from unauthorised or unlawful access, destruction, loss, deletion, and alteration – refer to section 10.

(21) The University’s dedicated system, EDRMS, provides for the required storage and security and also meets the requirements regarding retention periods and disposal.

(22) Where one system has either reached end of life or is being replaced by another system, the University must comply with the requirements of GA48 (source records that have been migrated).

Top of Page

Section 8 - Storage of Physical Records

(23) Where physical records exist, both physical security and environmental control measures shall be implemented and monitored for on-campus storage locations to ensure the integrity and security of records.

(24) Physical records stored off-site must be stored in suitable and secure conditions in bespoke recordkeeping facilities. The University’s PIA and RIA tools are available to assist staff and affiliates in the consideration and assessment of the risks associated with off-site storage.

(25) Storage of physical records in any other location, e.g. at home or makeshift storage, is not permitted.

Top of Page

Section 9 - Storage of Records outside NSW

(26) The University must not take or send a record outside NSW unless permitted or authorised under the State Records Act 1998.

(27) Permission for the transfer of records outside NSW for the purposes of maintenance or storage with a service provider is authorised under GA35 (General Authority for transferring records out of NSW for storage with or maintenance by service providers based outside of the State). UOW must meet the conditions as outlined in GA35 to effect any transfers outside NSW for the purpose of maintenance or storage with a service provider.

Top of Page

Section 10 - Security

(28) Staff and affiliates shall only access records for which they have a legitimate business need in the course of their employment and for which they have authorised access.

(29) The University shall ensure that:

  1. all records are stored, accessed, managed and used in accordance with its information security classification as documented in the Data Governance Procedure, Data Handling Guidelines, and Research Data Management Policy;
  2. all personal and health records are managed in compliance with the requirements as outlined in the Privacy Policy; and
  3. all records are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration, in accordance with the Cyber Security Policy and IT Acceptable Use Policy.

(30) To maintain the security in the University’s EDRMS, users are assigned an appropriate level of access to the records for which they have a legitimate business need to access.

(31) If it is necessary for a record to be given to a person in connection with the provision of a service to UOW (third-party engagement), everything reasonably within the power of UOW is done to prevent unauthorized use or disclosure of the record. For example, contractual arrangements between the University and the third party will enable the necessary obligations to be placed on the third party.

(32) The University applies appropriate backup and disaster recovery practices to meet the requirements of the State Records Act 1998 and the Business Continuity Management and Resilience Policy.

Top of Page

Section 11 - Access to Records under the State Records Act

(33) The University must ensure that the records for which it is responsible, that are at least 30 years old, are subject to an access direction. The University must register access directions with the Museums of History NSW.

(34) The University has registered access directions to close public access to the records that contain personal, sensitive, commercial or confidential information.

Top of Page

Section 12 - Public Access to Records via the Government Information (Public Access) Act 2009 (NSW) (GIPA Act)

(35) The University is bound by the Government Information (Public Access) Act 2009, which facilitates public access to records held by the University.

(36) There are 4 avenues that the public may access records held by the University, unless there is an overriding public interest against disclosure. These avenues include:

  1. open access information;
  2. proactive release of information;
  3. informal access requests; and
  4. formal access applications.

(37) Officers located in the Office of General Counsel hold authority to manage requests for records under the Government Information (Public Access) Act 2009. The Vice-Chancellor and President, as UOW’s principal officer, has provided the authority for these officers to exercise the functions under the Government Information (Public Access) Act 2009.

(38) Requests for access to records via subpoena or legal warrant are managed by the Information Compliance Unit (ICU).

Top of Page

Section 13 - Retention Periods and Disposal of Records

(39) Records must only be retained for the minimum legal retention periods as specified in the relevant State Records Act 1998 authority relating to retention and disposal.

(40) Any additional retention requirements specified or implied in other legislation must also be satisfied.

(41) Any extension to the minimum legal retention periods may apply to some records based on UOW business needs.

(42) Certain types of records that are low-value or only required for short term use are not required to be retained and may be destroyed in accordance with Normal Administrative Practice (NAP). Examples of these types of records include:

  1. working papers, background notes and reference materials that are used to prepare or complete other Records;
  2. drafts that are of a routine nature that do not contain significant or substantial changes or annotations; and
  3. published or promotional material (newspapers or journal articles).

(43) Records must be systematically and accountably destroyed. Disposals must be appropriately authorised by the relevant officer as outlined in Delegations of Authority Policy. The University’s records disposal form is available to assist the authorised officers to carry out the disposal process in a compliant manner.

(44) Records documenting the disposal process must be retained for an additional 20 years from the date of disposal. The University’s EDRMS facilitates storage of these records.

(45) Any records related to current litigation or formal access applications under the Government Information (Public Access) Act 2009 must be retained, regardless of any retention period or approved disposal process. ICU must be notified as soon as staff or affiliates become aware that records may be or are required, so that the records are removed from any disposal process. Those records may only be returned to a disposal process with the approval of General Counsel.

(46) Decisions relating to the permanent retention of other records which may be of continuing value to UOW will be based on an appraisal by UOW Archives in accordance with the Library Collections Policy.

(47) Where a change management process occurs resulting in the consolidation or cessation of a particular function, the authorised officer of the portfolio that is most closely aligned with that previous function will be considered to be the appropriate delegate for the management of those records.

Top of Page

Section 14 - Roles and Responsibilities

(48) The Vice-Chancellor and President is responsible for:

  1. ensuring the University complies with the requirements of the State Records Act 1998;
  2. assigning the oversight of records management to a designated senior officer (Senior Responsible Officer); and
  3. the exercise of the University’s functions under the Government Information (Public Access) Act 2009. The Vice-Chancellor and President has authorised officers in the Office of General Counsel to exercise the University’s functions under the Government Information (Public Access) Act 2009.

(49) The Senior Responsible Officer (SRO) is the Deputy Vice-Chancellor (Strategy and Assurance) and oversees:

  1. the strategic and managerial responsibility for records management; and
  2. ensures that records management is in place and operating effectively to support UOW business operations.

(50) The General Counsel is responsible for:

  1. the operational oversight of records management at UOW;
  2. providing approval of access directions, extensions to retention periods, and the transfer of records to the Museums of History NSW.

(51) The Information Compliance Unit (ICU) is responsible for:

  1. implementing and maintaining the Records Management Program;
  2. all general compliance activities associated with the State Records Act 1998 and this Policy;
  3. management and support of the University’s EDRMS;
  4. liaising with relevant regulatory agencies such as State Records NSW and Museums of History NSW;
  5. preparing mandatory reports for regulatory agencies; and
  6. providing advice to staff and affiliates and making best practice recommendations on recordkeeping matters.

(52) Executive Dean of Faculty/Director/Chief Officer  is responsible for:

  1. compliant records management for their respective areas in accordance with the State Records Act 1998 including:
    1. providing approval of records disposal via the UOW records disposal form;
    2. authorising access to EDRMS for staff and affiliates who have a legitimate business need;
    3. ensuring any business systems or programs in their portfolio meet records management requirements; and
    4. ensuring that records are not retained for longer than required for business needs.
  2. implementing and supporting a culture of strong records management compliance;
  3. carrying out their duties, as they apply to management of records, as outlined in the Data Governance Procedure.

(53) UOW Archives is responsible for:

  1. custody and control of UOW historical records assessed as having continuing value in accordance with the Library Collections Policy;
  2. custody and control of materials of historical significance to the Illawarra region.

(54) All staff and affiliates are responsible for:

  1. complying with the Universitys recordkeeping obligations as specified in this Policy and the Records Management Program;
  2. attending training or completing online training to ensure that records principles and requirements are maintained; 
  3. ensuring that records made and kept, or received and kept, in the course of the exercise of their official function at UOW are captured, managed, accessed and retained in accordance with the provisions of this Policy;
  4. carrying out their duties, as they apply to management of records, as outlined in the Data Governance Procedure.
Top of Page

Section 15 - Definitions

Word/Term
Definition
Access direction
Direction detailing the early access to or the closing of records to public access under the State Records Act 1998.
Affiliate
Includes people holding the University of Wollongong Honorary Awards as conferred by the University Council, including the awards of Emeritus Professor, Honorary Doctor and University Fellow; people appointed in accordance with the University’s Appointment of Visiting and Honorary Academics Policy; and people engaged by the University as agency staff, contractors, volunteers and work experience students.
Appraisal
The assessment of UOW records to determine their retention period in accordance with business need and legislative requirements.
Continuing value
Records that have administrative, business, fiscal, legal, evidential, or historic value to UOW.
Controlled entities
UOW Global Enterprises of Companies and UOW Pulse Limited.
Disposal
A range of processes associated with implementing appraisal decisions. They include permanently removing records from UOW’s control through an approved process, such as destruction or the transfer of custody or ownership of records.
Electronic Documents and Records Management System (EDRMS)
UOW’s official recordkeeping system designed to control information as required by this Policy and legislative requirements
Metadata
Information about the context, content, quality, provenance, and/or accessibility that describes a Record.
Migration
Process of moving records from one hardware or software configuration to another or from one generation of technology to another.
Normal Administrative Practice (NAP)
An instrument that allows destruction of certain types of low-value and short-term records in the normal course of business.
Privacy Impact Assessment Tool (PIA Tool)
A tool that facilitates the identification and examination of privacy impacts associated with a UOW program, activity, or technology including consideration of the steps required to minimize privacy risks.
The use of the PIA Tool aims to achieve best practice privacy compliance, protect UOW’s reputation and meet community standards.
Record(s)
Any document (or other source of information compiled, recorded or stored in any written form or on film, or by electronic process, or in any other manner or by any other means) made and kept, or received and kept, by any person in the course of the exercise of official functions at UOW, or for any other purpose or use by UOW.
Records Impact Assessment Tool (RIA Tool)
A tool that facilitates the identification and examination of recordkeeping impacts associated with a UOW program, activity, or technology including consideration of the steps required to minimize recordkeeping risks.
The use of the RIA tool aims to achieve best practice recordkeeping compliance, protect UOW’s reputation and meet community standards.
Records Management Program (Program)
A program that encompasses the framework, people, processes and systems required to manage full and accurate records over time.
Retention Period
A period of time for which records should be kept to meet regulatory, business and community requirements before they can be disposed.
Senior Responsible Officer (SRO)
The officer within the University who has been assigned strategic and managerial responsibility for records management.
SR Act Authority
A formal instrument approved and published by the State Records Authority of NSW in accordance with section 21 of the State Records Act 1998.
State archive
 
A Record that must be retained permanently and that the Museums of History NSW is entitled to take control of under the State Records Act 1998 when no longer required for UOW’s business activities.
Staff
All people employed by UOW including conjoint appointments, whether on continuing, permanent, fixed term, casual, cadet or traineeship basis.